On Thu, 10 Apr 2014, Francis Russell wrote: > As a consequence of this bug, release 1.0.1.g-2 of Debian openssl > which restarts services that are affected by the Heartbleed bug > (http://heartbleed.com/) will not restart Cyrus. The old Cyrus > process will be left running, potentially a source of a serious > security compromise.
There is no "potentially". It *will* leak private data over Heartbleed. http://lists.andrew.cmu.edu/pipermail/cyrus-devel/2014-April/002971.html -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
