Description of problem:
CAN-2004-0079 and CAN-2004-0079 affect the openssl-0.9.7a packages
shipped in Fedora Core 1. CAN-2004-0081 affects the openssl096 and
openssl-096b compat packages shipped in Fedora Core 1.
This is a tracker bug for this issue.
All this is fixed already for RH9. Why no rebuild and pushing it out
Strange, the "stuff", as you write it in your posting at the
mailinglist is tested for RH9 - and what's up with RHEL3? There is
an update available...untested?! So the latest update from OpenSSL for
RHEL3 and Fedora Development don't differ much.
I still can't understand why the problem is fixed in the old RH9 (which
is near EOL), but also in the new RHEL3 which has approximately the
same version as FC1/Rawhide, but there it isn't solved. ?:-|
FC1 update packages were made available for testing earlier today as
per fedora-test posting. If you wish to accelerate progress of these
updates then test the packages and post results here. Please keep any
other discussion to the mailing list.
openssl-0.9.7a-33.10 Works For Me(tm) on the about 10 FC1 servers I
installed it on so far. There have been no issues with it during
upgrade/freshen and/or operation. Services in use are ssh, mod_ssl,
imapd with ssl. I'll upgrade the rest during the weekend but am not
expecting any problems.
Just a confirmation that things seem to work.
Thanks Kaj for posting your feedback; the update was released last Friday.