[Pkg-openssl-devel] Bug#743883: Bug#743883: CVE-2014-0160 heartbeat read overrun (heartbleed)
Kurt Roeckx
kurt at roeckx.be
Mon Apr 7 21:45:26 UTC 2014
found 743883 1.0.1e-2
fixed 743883 + 1.0.1-g
fixed 743883 + 1.0.1e-2+deb7u5
close 743883
thanks
On Mon, Apr 07, 2014 at 09:11:09PM +0000, Travis Cross wrote:
> Package: openssl
> Version: 1.0.1f-1
> Severity: grave
>
> A serious flaw has been discovered in OpenSSL versions 1.0.1 through
> 1.0.1f. This bug can allow an attacker to read process memory on
> vulnerable systems leading to exposure of the private key. Please
> see:
>
> http://www.openssl.org/news/secadv_20140407.txt
> http://heartbleed.com/
>
> Debian will need to patch OpenSSL in sid, jessie, and wheezy, and all
> keys used with vulnerable processes will need to be replaced both in
> Debian infrastructure and by all users of this package.
>
> _______________________________________________
> Pkg-openssl-devel mailing list
> Pkg-openssl-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-openssl-devel
>
More information about the Pkg-openssl-devel
mailing list