Cristian Rodríguez <crrodriguez@opensuse.org> schrieb am 21:48 Donnerstag, 10.April 2014: El 10/04/14 14:45, Ted Byers escribió:
Was the patch just applying the
fix to version 1.0.1e, and not an upgrade to version 1.0.1g?
Yes, unfortunately whoever made the patch decided not to update the openSSL version but just add a source code patch (not anticipating the myriad of questions we will get about it)
I pointed to the same confusion on the raspberry forum ( http://www.raspberrypi.org/forums/viewtopic.php?p=533499#p533499 ) since Debian also does that: https://security-tracker.debian.org/tracker/CVE-2014-0160 and http://heartbleed.com/ does not seem to notice this. This WILL raise questions. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org