Debian-based OpenSSL keys -- vulnerable to attack?

Roger Burton West roger at
Thu May 22 09:07:40 BST 2008

On Wed, May 21, 2008 at 09:50:31PM -0700, Jonathan Lloyd wrote:
>I received a message from the Association for Computing and Machinery saying
>that any SSL key generated on a Debian system since May of 2006 could be
>vulnerable to attack.  Seems kind of important -- assuming it is legitimate.

Well, that's more than a week late, and any admin who hasn't already
taken action really isn't doing his job... but why are you trusting
third parties when you should be subscribed to Bugtraq and/or the Debian
security update list?


More information about the mailing list