Re: [SECURITY] [DSA 2950-1] openssl security update

Adam D. Barratt Thu, 05 Jun 2014 09:14:34 -0700

On 2014-06-05 15:46, Florian Zumbiehl wrote:

Hi,
Package        : openssl
CVE ID : CVE-2014-0195 CVE-2014-0221 CVE-2014-0224CVE-2014-3470
is it intentional that you didn't fix CVE-2014-0198

That was fixed last month -https://www.debian.org/security/2014/dsa-2931

and CVE-2010-5298?

https://security-tracker.debian.org/tracker/CVE-2010-5298 indicates thatthis is only an issue if OPENSSL_NO_BUF_FREELIST is enabled, which it'snot in the Debian package. Is that not correct?


Regards,

Adam


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/fc06fcb2d5ff06d92fa7dc24e5c18...@mail.adsl.funky-badger.org

Re: [SECURITY] [DSA 2950-1] openssl security update

Reply via email to