On 2014-06-05 15:46, Florian Zumbiehl wrote:
Hi,
Package : openssl
CVE ID : CVE-2014-0195 CVE-2014-0221 CVE-2014-0224
CVE-2014-3470
is it intentional that you didn't fix CVE-2014-0198
That was fixed last month -
https://www.debian.org/security/2014/dsa-2931
and CVE-2010-5298?
https://security-tracker.debian.org/tracker/CVE-2010-5298 indicates that
this is only an issue if OPENSSL_NO_BUF_FREELIST is enabled, which it's
not in the Debian package. Is that not correct?
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/fc06fcb2d5ff06d92fa7dc24e5c18...@mail.adsl.funky-badger.org