If you are have a web server facing the public internet, turn off SSLv2
immediately. OpenSSL 1.0.2g has the fix but it will take a while to drip
down to the repos as it brings with it an ABI change.
The vulnerability is so bad[1], it doesn't only have a CVE number,
CVE-2016-0800[4], but a name
Am 01.03.2016 um 02:54 schrieb Marshall Neill:
> This is what I fail to understand; How did this get out of testing when
> obviously something is broke?
>
Erm... package-query is in the AUR. There is no testing. No garantees.
Just trust in the maintainers, who, by the way, are doing great jobs
mo
2 matches
Mail list logo
