On Tue, 08 Apr 2014 19:54:21 +0200
elrippo <elrippo@xxxxxxxxxxxxxxxxx> wrote:
> Hy there.
>
> My Debian Wheezy box is using 1.0.1e-2+deb7u6 after the upgrade
>
> I think this should be good :)
Thanks for the heads-up, turns out it was updated twice in a day.
I guess the 6th version is not as important if you remembered to manually
restart everything that's using OpenSSL.
openssl (1.0.1e-2+deb7u6) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* Enable checking for services that may need to be restarted
* Update list of services to possibly restart
-- Salvatore Bonaccorso <carnil@xxxxxxxxxx> Tue, 08 Apr 2014 10:44:53 +0200
openssl (1.0.1e-2+deb7u5) wheezy-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add CVE-2014-0160.patch patch.
CVE-2014-0160: Fix TLS/DTLS hearbeat information disclosure.
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.
-- Salvatore Bonaccorso <carnil@xxxxxxxxxx> Mon, 07 Apr 2014 22:26:55 +0200
--
With respect,
Roman
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays