Home page logo

basics logo Security Basics mailing list archives

Debian repositories and openssl vulnerability
From: "Bruno G. San Alejo" <bgs1714 () ono com>
Date: Tue, 03 Jun 2008 21:36:13 +0200

Hello there, I have not seen any discussions about how the openssl
vulnerability in Debian has impacted the repositories signing method. 
If  the  keys were compromised then all the repositories were
compromised and all the Debian  systems that  have been  updated from
2006 till now are compromised (theoretically speaking).

    I'm not too sure abut this, that's why I'm asking. I have family
duties and have not much spare time to really look into this. But  I've
seen no discussion about this and I'm trying to find out if the
repositories were not to be trusted for the the last 2 years, and as
afar as I know this is a vuln at the random seed level, so it means that
the signs were compromised as well.

Have fun everyone.

  By Date           By Thread  

Current thread:
  • Debian repositories and openssl vulnerability Bruno G. San Alejo (Jun 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]