[Toolserver-l] [SECURITY] Debian OpenSSL bug may affect cryptographic keys generated or used on hemlock
River Tarnell
river at wikimedia.org
Tue May 13 12:53:22 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
anyone who has used hemlock to generate cryptographic keys (e.g. SSL
certificates or SSH keys), or used keys generated elsewhere on
hemlock, should be aware of this Debian security advisory:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
such keys should be considered compromised, and replaced with newly
generated keys. the version of OpenSSL currently installed on
hemlock is not affected by this problem.
this does not affect keys generated or used on the stable server.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIKY9FIXd7fCuc5vIRAlugAKCFXJwNlKw+iLWwGo/5yQCHO43LcgCfV19J
XpAR+TE9OFKv0TvF4a3yfdI=
=cZ29
-----END PGP SIGNATURE-----
More information about the Toolserver-l
mailing list