[Pkg-openssl-devel] Bug#742923: Bug#742923: openssl: CVE-2014-0076
Kurt Roeckx
kurt at roeckx.be
Sat Mar 29 14:53:20 UTC 2014
On Fri, Mar 28, 2014 at 08:29:42PM -0400, Michael Gilbert wrote:
> package: src:openssl
> severity: important
> version: 1.0.1e-2
>
> A CVE has been issued for an information disclosure in openssl:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
This affects all version of openssl, but I guess we don't support
0.9.8 anymore and last time I looked upstream didn't fix it in
that branch yet. As already discussed with the security team
we'll fix this in a stable release update.
Kurt
More information about the Pkg-openssl-devel
mailing list