Package: openssl Version: 1.0.1e-2+deb7u13 Severity: critical There is currently a really important security update out [0]. Please provide Debian stable with this security fix.
The most important fixes (although the developers tagged them as low severity) are: - CVE-2014-3572 - CVE-2015-0204 - CVE-2015-0205 As this are candidates to completely weaken the encrypted connections that should be fixed pretty soon. Again to say, the developers are absolutely wrong with the severity. This bugs have a critical severity! [0] https://www.openssl.org/news/secadv_20150108.txt -- System Information: Debian Release: 7.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc6 2.13-38+deb7u6 ii libssl1.0.0 1.0.1e-2+deb7u13 ii zlib1g 1:1.2.7.dfsg-13 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20130119+deb7u1 -- Configuration Files: /etc/ssl/openssl.cnf changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
