Bug#743883: [Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)
On Tue, Apr 08, 2014 at 02:18:53PM -0400, gmitpro wrote: When will jessie be updated? The website still has 1.0.1f-1 and the Debian Changelog shows Not found page. https://packages.debian.org/jessie/openssl http://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.0.1f-1_changelog apt-get also gives 1.0.1f-1 Please fix. You need to wait until your mirror has it. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#743883: [Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)
On Tue, Apr 08, 2014 at 08:43:11PM +0200, Kurt Roeckx wrote: On Tue, Apr 08, 2014 at 02:18:53PM -0400, gmitpro wrote: When will jessie be updated? The website still has 1.0.1f-1 and the Debian Changelog shows Not found page. https://packages.debian.org/jessie/openssl http://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.0.1f-1_changelog apt-get also gives 1.0.1f-1 Please fix. You need to wait until your mirror has it. Or get it from unstable, your mirror should have it there. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#743883: [Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)
found 743883 1.0.1e-2 fixed 743883 + 1.0.1-g fixed 743883 + 1.0.1e-2+deb7u5 close 743883 thanks On Mon, Apr 07, 2014 at 09:11:09PM +, Travis Cross wrote: Package: openssl Version: 1.0.1f-1 Severity: grave A serious flaw has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This bug can allow an attacker to read process memory on vulnerable systems leading to exposure of the private key. Please see: http://www.openssl.org/news/secadv_20140407.txt http://heartbleed.com/ Debian will need to patch OpenSSL in sid, jessie, and wheezy, and all keys used with vulnerable processes will need to be replaced both in Debian infrastructure and by all users of this package. ___ Pkg-openssl-devel mailing list pkg-openssl-de...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-openssl-devel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
