Am 11.04.2014 06:53, schrieb Viktor Dukhovni:
> Note that various vendor SSL updates for "Heartbleed" may not
> exhibit the issue.  For example, Debian wheezy back-ported just the
> relevant bug-fix to without back-porting the new padding extension.
> I also expect similar (fortunate) behaviour on system's with OpenSSL
> patched by RedHat, and various others

confirmed for RedHat, at least i expect the same
changeset for RHEL and Fedora
openssl-1.0.1e-37.fc19.1 / openssl-1.0.1e-37.fc20.1

* Mon Apr 07 2014 Dennis Gilmore <>
- 1.0.1e-37.1 - pull in upstream patch for CVE-2014-0160
- removed CHANGES file portion from patch for expediency

* Tue Jan 07 2014 Tomáš Mráz <> 1.0.1e-37
- fix CVE-2013-4353
- Invalid TLS handshake crash
- fix CVE-2013-6450 - possible MiTM attack on DTLS1

Reply via email to