On 04/08/2014 09:58 AM, Marcus Meissner wrote:
On Tue, Apr 08, 2014 at 08:15:59AM +0300, Stefan Gofferje wrote:
Hi,
any word on when to expect fixed OpenSSL libs for 12.3 and 13.1?
Hopefully today.
There is a fix announced now but it says libopenssl-devel-32bit-1.0.1e-1.44.1 libopenssl1_0_0-32bit-1.0.1e-1.44.1 libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.44.1 1.0.1e... According to the original CVE, 1.0.1e in still vulnerable: [snip] Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. [snap] (https://www.openssl.org/news/secadv_20140407.txt) @Marcus: Was the team to quick quickfixing? -S -- (o_ Stefan Gofferje | SCLT, MCP, CCSA //\ Reg'd Linux User #247167 | VCP #2263 V_/_ Heckler & Koch - the original point and click interface