The Debian project has sent out an
stating that, due to a Debian-specific modification to the
openssl package, cryptographic keys generated on affected systems may be
guessable. "It is strongly recommended that all cryptographic key
material which has been generated by OpenSSL versions starting with
0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA
keys ever used on affected Debian systems for signing or authentication
purposes should be considered compromised.
" The project has disabled public key logins
on its internal
infrastructure in response.
to post comments)