[Pkg-openssl-devel] Bug#744194: openssl: Updating main openssl package should warn about outdated derived packages
Dominik Röttsches
d-r at roettsches.de
Fri Apr 11 08:46:27 UTC 2014
Package: openssl
Version: 1.0.1g-2
Severity: wishlist
Dear Maintainer,
when updating my sid system to fix the Heartbleed bug, I only updated the openssl package from 1.0.1f to 1.0.1-g1, but not libssl1.0.0 for example, leaving a number of services initially vulnerable until I noticed my mistake.
I may not be the only one who did this mistake, hence I would suggest to either issue a warning that there are remaining outdated packages and suggest to update those as well, or introduce a dependency so that updating openssl requires updating the derived packages, if that's feasible.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssl depends on:
ii libc6 2.18-4
ii libssl1.0.0 1.0.1g-2
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20140325
-- no debconf information
More information about the Pkg-openssl-devel
mailing list