Does CVE-2008-5077 (see http://www.openssl.org/news/secadv_20090107.txt) apply to 2008.11? If yes, is anybody working on that (I couldn't find anything in Bugzilla or Bugster)? Will there be a central place where security issues are tracked for OS releases? -- Guido Berhoerster