« SANE in Lenny
Of course it’s far worse. Did I tell otherwise? »

Making code valgrind-clean …

NOT.

Also see #363516.

Genius.

Now regenerating every single SSH key, SSL certificate and whatever else I can identify that’s been produced by one of the Valgrind-clean openssl. Also expiring and changing every single password I’ve ever typed in a vulnerable SSH session (be it at login or in the session).

Updating the packages on the machines was fun already.

Worst Debian day ever since the 2003 compromise. And that was a BAD one.

I guess we need a new openssl maintainer, we obviously cannot trust the current one(s).

This entry was posted on Tuesday, May 13th, 2008 at 3:11 pm and is filed under Debian. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.