Bug#743883: [Pkg-openssl-devel] Bug#743883: Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-09 Thread Gregor Riepl
On 08/04/14 18:32, Kurt Roeckx wrote:
>> jessie is still vulnerable at 1.0.1f-1.
>
> jessie has 1.0.1g-1 already, which should fix it.

Thank you, it just took a little longer for the package to hit my mirror.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#743883: [Pkg-openssl-devel] Bug#743883: Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread Kurt Roeckx
On Tue, Apr 08, 2014 at 03:37:45PM +0200, Gregor Riepl wrote:
>> found 743883 1.0.1e-2
>> fixed 743883 + 1.0.1-g
>> fixed 743883 + 1.0.1e-2+deb7u5
>
> jessie is still vulnerable at 1.0.1f-1.

jessie has 1.0.1g-1 already, which should fix it.


Kurt





Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread gmitpro

When will jessie be updated?
The website still has 1.0.1f-1 and the Debian Changelog shows Not 
found page.

https://packages.debian.org/jessie/openssl
http://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.0.1f-1_changelog

apt-get also gives 1.0.1f-1
Please fix.





Bug#743883: [Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread Kurt Roeckx
On Tue, Apr 08, 2014 at 02:18:53PM -0400, gmitpro wrote:
> When will jessie be updated?
> The website still has 1.0.1f-1 and the Debian Changelog shows Not found
> page.
> https://packages.debian.org/jessie/openssl
> http://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.0.1f-1_changelog
>
> apt-get also gives 1.0.1f-1
> Please fix.

You need to wait until your mirror has it.


Kurt





Bug#743883: [Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread Kurt Roeckx
On Tue, Apr 08, 2014 at 08:43:11PM +0200, Kurt Roeckx wrote:
> On Tue, Apr 08, 2014 at 02:18:53PM -0400, gmitpro wrote:
>> When will jessie be updated?
>> The website still has 1.0.1f-1 and the Debian Changelog shows Not found
>> page.
>> https://packages.debian.org/jessie/openssl
>> http://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.0.1f-1_changelog
>>
>> apt-get also gives 1.0.1f-1
>> Please fix.
>
> You need to wait until your mirror has it.

Or get it from unstable, your mirror should have it there.


Kurt





Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread Thomas DEBESSE
Warning, openssl=1.0.1e-2+deb7u6 depends on libssl1.0.0 >= 1.0.1, so,
updating openssl without updating the whole world does not update
libssl.

It would be an excellent idea if openssl=1.0.1e-2+deb7u6 depends on
libssl1.0.0=1.0.1e-2+deb7u6 if someone wants to install this security fix
without installing a non-security update from another package inside
another repository (what happens with apt-get upgrade).

-- 
Thomas DEBESSE
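
The following is an added example, not part of the thread or of any Debian tooling: a shell check that classifies the installed `openssl` and `libssl1.0.0` versions separately against the fixed versions named in the control messages (1.0.1e-2+deb7u5 for wheezy, 1.0.1g-1 otherwise). The function names are hypothetical, and it assumes `dpkg` and `dpkg-query` are available.

```shell
#!/bin/sh
# Added example (not from the thread): classify Debian package versions
# against the fixed versions named in the thread's control messages.

# heartbleed_status VERSION -> prints not-affected | vulnerable | fixed
heartbleed_status() {
    v=$1
    # The report gives the affected upstream range as 1.0.1 through 1.0.1f.
    if dpkg --compare-versions "$v" lt 1.0.1; then
        echo not-affected
        return 0
    fi
    case $v in
        1.0.1e-2*) fixed=1.0.1e-2+deb7u5 ;;  # wheezy line, fixed in +deb7u5
        *)         fixed=1.0.1g-1 ;;          # jessie/sid, fixed in 1.0.1g-1
    esac
    if dpkg --compare-versions "$v" ge "$fixed"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# report_installed: check both packages, because the thread notes that
# updating openssl alone does not update libssl.
report_installed() {
    for pkg in openssl libssl1.0.0; do
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || ver=
        if [ -z "$ver" ]; then
            echo "$pkg: not installed"
        else
            echo "$pkg $ver: $(heartbleed_status "$ver")"
        fi
    done
}

# Print the report only when invoked with the "report" argument.
if [ "${1:-}" = report ]; then
    report_installed
fi
```

A host where `openssl` reports `fixed` but `libssl1.0.0` reports `vulnerable` is the partial-upgrade case described in the message above.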





Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-07 Thread Travis Cross
Package: openssl
Version: 1.0.1f-1
Severity: grave

A serious flaw has been discovered in OpenSSL versions 1.0.1 through
1.0.1f.  This bug can allow an attacker to read process memory on
vulnerable systems leading to exposure of the private key.  Please
see:

  http://www.openssl.org/news/secadv_20140407.txt
  http://heartbleed.com/

Debian will need to patch OpenSSL in sid, jessie, and wheezy, and all
keys used with vulnerable processes will need to be replaced both in
Debian infrastructure and by all users of this package.





Bug#743883: [Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-07 Thread Kurt Roeckx
found 743883 1.0.1e-2
fixed 743883 + 1.0.1-g
fixed 743883 + 1.0.1e-2+deb7u5
close 743883
thanks

On Mon, Apr 07, 2014 at 09:11:09PM +, Travis Cross wrote:
> Package: openssl
> Version: 1.0.1f-1
> Severity: grave
>
> A serious flaw has been discovered in OpenSSL versions 1.0.1 through
> 1.0.1f.  This bug can allow an attacker to read process memory on
> vulnerable systems leading to exposure of the private key.  Please
> see:
>
>   http://www.openssl.org/news/secadv_20140407.txt
>   http://heartbleed.com/
>
> Debian will need to patch OpenSSL in sid, jessie, and wheezy, and all
> keys used with vulnerable processes will need to be replaced both in
> Debian infrastructure and by all users of this package.

