"All versions of OpenSSL supporting TLS extensions contain this vulnerability including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases."
This is fixed (again copying from the above):
"Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue.
Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release
which contains a patch to correct this issue."
So i believe this report should be updated to reflect the above and request openssl 1.0.0b to be included in the latest ubuntu repository (and maybe consider updating the other related openssl reports in launchpad concerning 0.9.8 versions)
Just to let everyone know, a security bug has been found in openssl :
(copying from here : http:// marc.info/ ?l=openssl- announce& m=1289926994019 45&w=2)
"All versions of OpenSSL supporting TLS extensions contain this vulnerability including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases."
This is fixed (again copying from the above):
"Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue.
Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release
which contains a patch to correct this issue."
You can find more information about releases 0.9.8p and 1.0.0b here : marc.info/ ?l=openssl- announce& r=1&b=201011& w=2
http://
So i believe this report should be updated to reflect the above and request openssl 1.0.0b to be included in the latest ubuntu repository (and maybe consider updating the other related openssl reports in launchpad concerning 0.9.8 versions)