Bug#743883: [Pkg-openssl-devel] Bug#743883: Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-09 Thread Gregor Riepl
On 08/04/14 18:32, Kurt Roeckx wrote: jessie is still vulnerable at 1.0.1f-1. jessie has 1.0.1g-1 already, which should fix it. Thank you, it just took a little longer for the package to hit my mirror. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of

Bug#743883: [Pkg-openssl-devel] Bug#743883: Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread Kurt Roeckx
On Tue, Apr 08, 2014 at 03:37:45PM +0200, Gregor Riepl wrote: found 743883 1.0.1e-2 fixed 743883 + 1.0.1-g fixed 743883 + 1.0.1e-2+deb7u5 jessie is still vulnerable at 1.0.1f-1. jessie has 1.0.1g-1 already, which should fix it. Kurt -- To UNSUBSCRIBE, email to

Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread gmitpro
When will jessie be updated? The website still has 1.0.1f-1 and the Debian Changelog shows Not found page. https://packages.debian.org/jessie/openssl http://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.0.1f-1_changelog apt-get also gives 1.0.1f-1 Please fix. -- To

Bug#743883: [Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread Kurt Roeckx
On Tue, Apr 08, 2014 at 02:18:53PM -0400, gmitpro wrote: When will jessie be updated? The website still has 1.0.1f-1 and the Debian Changelog shows Not found page. https://packages.debian.org/jessie/openssl

Bug#743883: [Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread Kurt Roeckx
On Tue, Apr 08, 2014 at 08:43:11PM +0200, Kurt Roeckx wrote: On Tue, Apr 08, 2014 at 02:18:53PM -0400, gmitpro wrote: When will jessie be updated? The website still has 1.0.1f-1 and the Debian Changelog shows Not found page. https://packages.debian.org/jessie/openssl

Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-08 Thread Thomas DEBESSE
Warning, openssl=1.0.1e-2+deb7u6 depends on libssl1.0.0= 1.0.1, so, updating openssl without updating the whole world does not update libssl. It would be an excellent idea if openssl=1.0.1e-2+deb7u6 depends on libssl1.0.0=1.0.1e-2+deb7u6 if someone wants install this security fix without

Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-07 Thread Travis Cross
Package: openssl Version: 1.0.1f-1 Severity: grave A serious flaw has been discovered in OpenSSL versions 1.0.1 through 1.0.1f. This bug can allow an attacker to read process memory on vulnerable systems leading to exposure of the private key. Please see:

Bug#743883: [Pkg-openssl-devel] Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)

2014-04-07 Thread Kurt Roeckx
found 743883 1.0.1e-2 fixed 743883 + 1.0.1-g fixed 743883 + 1.0.1e-2+deb7u5 close 743883 thanks On Mon, Apr 07, 2014 at 09:11:09PM +, Travis Cross wrote: Package: openssl Version: 1.0.1f-1 Severity: grave A serious flaw has been discovered in OpenSSL versions 1.0.1 through 1.0.1f.