On Thu, Apr 10, 2014 at 03:54:38PM +0200, Florian Ernst wrote:
> On Thu, Apr 10, 2014 at 09:18:00AM -0400, Brad Alexander wrote:
> > I don't believe that Wheezy was vulnerable to Heartbleed. It was only the
> > 1.0.1f (committed 31 Dec 2011) that incorporated the vulnerable heartbeat
> > feature. My wheezy box has 1.0.1e:
> > [...]
> > So you shouldn't have anything to worry about.
>
> This is not accurate, OpenSSL 1.0.1 through 1.0.1f (inclusive) are
> vulnerable. Please see
> https://www.debian.org/security/2014/dsa-2896

Which says:

  For the stable distribution (wheezy), this problem has been fixed in
  version 1.0.1e-2+deb7u5.

and then later this was upgraded to 1.0.1e-2+deb7u6.

Looking at the 1.0.1e is not sufficient.

-dsr-