On Fri, Dec 06, 2002 at 03:39:36PM -0500, Tom Lane wrote:
> An update would be a good idea in any case. IIRC, there are known
> security loopholes in all openssl releases up to very recent times.
> I'm using 0.9.6g here; I am pretty sure 0.9.6c is vulnerable,
> not sure about 0.9.6e. See www.openssl.org for details.
Actually it's quite safe, because it's from a Debian package and they
often back-port serious/security-related bug fixes. Weird, I know,
but they don't like to add untested software to their 'stable' branch
if at all possible. They prefer applying the patches themselves.