The AWS ELB servers are apparently vulnerable, too, so don't update your SSL certs on ELB until they are confirmed fixed.
https://forums.aws.amazon.com/thread.jspa?threadID=149690&tstart=0 On Mon, Apr 7, 2014 at 5:48 PM, Jonathan Landis <j...@calibersecurity.com> wrote: > Package: cloud.debian.org > > The heartbleed bug has created a situation in which servers must be upgraded > immediately. At the moment the default mirrors listed in the Debian Wheezy > AMI image don't have the patches yet, but security.debian.org does. So users > of the existing image have to update sources.list on each of their servers > if they want to get patched ASAP. > > Is there any reason not to include security.debian.org in sources.list by > default? > > > -- > To UNSUBSCRIBE, email to debian-cloud-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: https://lists.debian.org/53434779.2010...@calibersecurity.com > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org