1 |
Anthony Metcalf wrote: |
2 |
> On Fri, 19 Mar 2004 11:22:17 +0100 |
3 |
> Marc Ballarin <Ballarin.Marc@×××.de> wrote: |
4 |
> |
5 |
> |
6 |
> |
7 |
>>However packages that statically include openssl ("static" useflag) |
8 |
>>contain the version used at build time. Those packages will continue |
9 |
>>working, but remain vulnerable unless rebuilt. |
10 |
> |
11 |
> |
12 |
> Ok , so to be really annoying, this is the list of installed software |
13 |
> that has the ssl use flag, which if any would need updating? Or how can |
14 |
> I find out? |
15 |
> |
16 |
> dev-lang/python-2.3.3 |
17 |
> net-misc/wget-1.9-r2 |
18 |
> net-mail/fetchmail-6.2.3 |
19 |
> dev-db/mysql-4.0.17 |
20 |
> dev-libs/cyrus-sasl-2.1.14 |
21 |
> net-nds/openldap-2.1.26 |
22 |
> net-mail/postfix-2.0.19 |
23 |
> net-libs/libwww-5.4.0-r2 |
24 |
> net-libs/c-client-2002e-r2 |
25 |
> dev-php/mod_php-4.3.4-r4 |
26 |
> dev-php/php-4.3.4-r4 |
27 |
> net-www/links-2.1_pre11 |
28 |
> net-print/cups-1.1.20 |
29 |
> net-mail/mutt-1.5.6 |
30 |
> net-misc/ntp-4.1.2 |
31 |
> net-fs/samba-2.2.8a |
32 |
> net-www/lynx-2.8.4.1d-r1 |
33 |
> |
34 |
> From that I wont bother about client only apps, wget fetchmail etc, but |
35 |
> postfix, cyrus, mod-php, are all internet facing. |
36 |
> I got this list from |
37 |
> # emerge -epDv world | grep +ssl > sslthings.txt |
38 |
|
39 |
But there may be packages that doesn't have the ssl useflag set, but |
40 |
instead depend on ssl. To find installed packages depending on openssl, run: |
41 |
qpkg -I -q openssl |
42 |
|
43 |
Both lists may contain packages that is not in the other list. |
44 |
|
45 |
revdep-rebuld can be used to recompile those that use openssl dynamicly, |
46 |
but not staticly. |
47 |
|
48 |
I say we need a new method to keep track of this. |
49 |
|
50 |
/Johan Andersson |
51 |
|
52 |
-- |
53 |
gentoo-security@g.o mailing list |