On Wed, Mar 23, 2016 at 15:09:19 +0000, Mike LI wrote: > Dear Debian developers: > We still use 0.9.8 with Debian squeeze (lts) dist in production systems. > > As shown below, > https://security-tracker.debian.org/tracker/CVE-2016-0800 > > openssl (PTS)squeeze, squeeze (security)0.9.8o-4squeeze14vulnerable > squeeze (lts)0.9.8o-4squeeze23 vulnerable > Do you have plan/schedule when it will be fixed? > squeeze-lts reached end of life last month. No new fixes will be released for it. You should upgrade to a supported release ASAP. https://www.debian.org/News/2016/20160212
Cheers, Julien