Am 11.04.2014 06:53, schrieb Viktor Dukhovni: > Note that various vendor SSL updates for "Heartbleed" may not > exhibit the issue. For example, Debian wheezy back-ported just the > relevant bug-fix to without back-porting the new padding extension. > I also expect similar (fortunate) behaviour on system's with OpenSSL > patched by RedHat, and various others
confirmed for RedHat, at least i expect the same changeset for RHEL and Fedora https://koji.fedoraproject.org/koji/packageinfo?packageID=109 openssl-1.0.1e-37.fc19.1 / openssl-1.0.1e-37.fc20.1 * Mon Apr 07 2014 Dennis Gilmore <den...@ausil.us> - 1.0.1e-37.1 - pull in upstream patch for CVE-2014-0160 - removed CHANGES file portion from patch for expediency * Tue Jan 07 2014 Tomáš Mráz <tm...@redhat.com> 1.0.1e-37 - fix CVE-2013-4353 - Invalid TLS handshake crash - fix CVE-2013-6450 - possible MiTM attack on DTLS1