On 2014-04-10 15:49, Lisi Reisz wrote:
On Thursday 10 April 2014 14:18:00 Brad Alexander wrote:
I don't believe that Wheezy was vulnerable to Heartbleed. It was
only the 1.0.1f (committed 31 Dec 2011) that incorporated the
vulnerable heartbeat feature. My wheezy box has 1.0.1e:
ii libssl1.0.0:i386 1.0.1e-2+deb7u6
i386 SSL shared libraries
ii openssl 1.0.1e-2+deb7u6
i386 Secure Socket Layer (SSL) binary and related
cryptographic tools
I have:
lisi@Tux-II:~$ dpkg-query -l openssl
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-================-=============-=============-===============================
ii openssl 1.0.1e-2+deb7 amd64 Secure Socket Layer
(SSL) binar
lisi@Tux-II:~$
No u-anything. I take it that that is still alright since it is
anyway Wheezy?
Lisi
https://www.debian.org/security/2014/dsa-2896
"For the stable distribution (wheezy), this problem has been fixed in
version 1.0.1e-2+deb7u5."
means wheezy was also vulnerable
root@swotrs:~# dpkg -l openssl
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture
Description
+++-=========================-=================-=================-========================================================
ii openssl 1.0.1e-2+deb7u6 amd64 Secure
Socket Layer (SSL) binary and related cryptograph
is the good version in wheezy
br
Andre
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/e3a5f544d1d6a97a0b409ae01ca52...@cyberh0me.net
