undefined | Better HN

0 pointsjosephcsible4y ago0 comments

This isn't the only time Debian has introduced a serious security vulnerability by changing things in packages. The most notable prior example that comes to mind is CVE-2008-0166.

0 pointsjosephcsible4y ago0 comments

This isn't the only time Debian has introduced a serious security vulnerability by changing things in packages. The most notable prior example that comes to mind is CVE-2008-0166.

0 comments

6 comments · 2 top-level

gmfawcett4y ago· 2 in thread

That's a notable prior example from 14 years ago. I'm not sure you're making a strong argument here!

pgporada4y ago

It's still relevant for Web PKI work.

yjftsjthsd-h4y ago

How is it still relevant? Even if certs made with a vulnerable version weren't revoked at the time, wouldn't they would have been rotated by now?

gunapologist994y ago· 2 in thread

Another similar one (perhaps worse!) from the same era: https://jblevins.org/log/ssh-vulnkey

josephcsibleOP4y ago

Isn't that the same one?

gunapologist994y ago

Ah, yes, good catch!

j / k navigate · click thread line to collapse