On Fri, Mar 28, 2014 at 08:29:42PM -0400, Michael Gilbert wrote: > package: src:openssl > severity: important > version: 1.0.1e-2 > > A CVE has been issued for an information disclosure in openssl: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
This affects all version of openssl, but I guess we don't support 0.9.8 anymore and last time I looked upstream didn't fix it in that branch yet. As already discussed with the security team we'll fix this in a stable release update. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
