Package: openssl Version: 1.0.1f-1 Severity: grave A serious flaw has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This bug can allow an attacker to read process memory on vulnerable systems leading to exposure of the private key. Please see:
http://www.openssl.org/news/secadv_20140407.txt http://heartbleed.com/ Debian will need to patch OpenSSL in sid, jessie, and wheezy, and all keys used with vulnerable processes will need to be replaced both in Debian infrastructure and by all users of this package. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org