On Tue, 08 Apr 2014 19:54:21 +0200 elrippo elrippo@elrippoisland.net wrote:
Hy there.
My Debian Wheezy box is using 1.0.1e-2+deb7u6 after the upgrade
I think this should be good :)
Thanks for the heads-up, turns out it was updated twice in a day.
I guess the 6th version is not as important if you remembered to manually restart everything that's using OpenSSL.
openssl (1.0.1e-2+deb7u6) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team. * Enable checking for services that may need to be restarted * Update list of services to possibly restart
-- Salvatore Bonaccorso carnil@debian.org Tue, 08 Apr 2014 10:44:53 +0200
openssl (1.0.1e-2+deb7u5) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team. * Add CVE-2014-0160.patch patch. CVE-2014-0160: Fix TLS/DTLS hearbeat information disclosure. A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
-- Salvatore Bonaccorso carnil@debian.org Mon, 07 Apr 2014 22:26:55 +0200