Hi, > > That was fixed last month - https://www.debian.org/security/2014/dsa-2931 > > So that's fixed since 1.0.1e-2+deb7u9 > > > >and CVE-2010-5298? > > > > https://security-tracker.debian.org/tracker/CVE-2010-5298 indicates that > > this is only an issue if OPENSSL_NO_BUF_FREELIST is enabled, which it's not > > in the Debian package. Is that not correct? > > This was fixed in DSA-2908-1 (1.0.1e-2+deb7u7)
Thanks for the info both of you! I just hadn't considered the possibility that Debian could have fixed some security issues weeks before OpenSSL's own advisory. And thanks for fixing them so fast to whoever is responsible! :-) Regards, Florian -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140605205407.gh4...@florz.florz.dyndns.org