Hello!
After reading the advisory DSA-2896-1 openssl -- security update
I have upgraded openssl on my servers to 1.0.1e-2+deb7u6
and tested them again with:
http://filippo.io/Heartbleed/#example.server.domain
http://rehmann.co/projects/heartbeat/?domain=example.server.domain&port=443&submit=Submit
And still I get "IS VULNERABLE" results!
Does it mean that the tests are wrong or the package is not fixed?
After a while I discovered that upgrading the openssl package is not enough!
It is also necessary to upgrade these packages (maybe too many):
libcrypto1.0.0-udeb
libssl-dev
libssl-doc
libssl1.0.0
libssl1.0.0-dbg
IT SHOULD BE WRITTEN IN THE ADVISORY!!!!
Alternatively (better), the openssl package should require
newer versions of the necessary libraries.
With Best Regards,
Jerzy Sobczyk
--
------------------ Institute of Control and Computation Engineering ______
Jerzy Sobczyk Warsaw University of Technology /_/ |
[email protected] Nowowiejska 15/19 / / /| |
http://www.ia.pw.edu.pl/~jurek 00-665 Warsaw, POLAND / / _>| |
tel. +48 22 234 7863 _____________ fax. +48 22 8253719 ________ /_/_/ |_|
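
Added example (not part of the original message): a shell check for the situation described above, where the openssl package is upgraded but library packages from the same list stay at a different version. It assumes a Debian host with dpkg-query; the function names are hypothetical, and the sample input is constructed (only 1.0.1e-2+deb7u6 comes from the message).

```shell
#!/bin/sh
# Packages named in the message, plus openssl itself.
PKGS="openssl libssl1.0.0 libssl-dev libssl-doc libssl1.0.0-dbg libcrypto1.0.0-udeb"

# Print "package version" for each installed package in $PKGS.
# Packages that are not installed (no version field) are skipped.
installed_versions() {
    # $PKGS is intentionally unquoted so it splits into separate arguments.
    dpkg-query -W -f='${Package} ${Version}\n' $PKGS 2>/dev/null |
        awk 'NF == 2'
}

# Read "package version" lines on stdin and print every package whose
# version differs from that of the openssl package.
# Exit status: 0 = all match, 1 = at least one mismatch,
#              2 = openssl itself is missing from the input.
find_mismatched() {
    awk '
        { ver[$1] = $2; order[++n] = $1 }
        END {
            if (!("openssl" in ver)) exit 2
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (ver[p] != ver["openssl"]) { print p, ver[p]; bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed sample input reproducing the situation in the message:
# openssl upgraded, libssl1.0.0 left behind (placeholder old version).
sample_input() {
    cat <<'EOF'
openssl 1.0.1e-2+deb7u6
libssl1.0.0 0.0.0-constructed-old
libssl-dev 1.0.1e-2+deb7u6
EOF
}

# On a real host:  installed_versions | find_mismatched
# Offline demo:    sample_input | find_mismatched
```
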