Hi, After upgrading the packages in DSA 2896-2 (openssl security update), the second version, 1.0.1e-2+deb7u6, that detects services to restart, I noted that the postist script didn't suggest that I should restart apache2.
As far as I can tell apache2 (apache2.2-bin) depends on libssl1.0.0 and could be affected by CVE-2014-0160. Correct? I note that the postinst script in libssl1.0.0 searches for the virtual package apache2-common which is not installed on my servers. Is this a bug in the postinst script, or is apache2 not affected, or is it a user error to not have the virtual package installed? BTW, thanks to all involved in Debian's rapid response to this CVE! -- Fredrik Jonson -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
