On Tue, Apr 08, 2014 at 02:18:27PM +0300, Stefan Gofferje wrote:
On 04/08/2014 09:58 AM, Marcus Meissner wrote:
On Tue, Apr 08, 2014 at 08:15:59AM +0300, Stefan Gofferje wrote:
Hi,
any word on when to expect fixed OpenSSL libs for 12.3 and 13.1?
Hopefully today.
There is a fix announced now but it says
libopenssl-devel-32bit-1.0.1e-1.44.1 libopenssl1_0_0-32bit-1.0.1e-1.44.1 libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.44.1
1.0.1e... According to the original CVE, 1.0.1e in still vulnerable: [snip] Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. [snap] (https://www.openssl.org/news/secadv_20140407.txt)
@Marcus: Was the team to quick quickfixing?
We are backporting security fixes as usual and not do version update. So here in that case we backported the fix for the issue. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org