OpenSSL packages are vulnerable to CVE-2014-0160
Bug #1304457 reported by
Simon Howard
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Raspbian |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
A serious bug was recently reported in OpenSSL (CVE-2014-0160). More info is available at http://
Debian has fixed this in 1.0.1e-2+deb7u5 but Raspbian is still on 1.0.1e-2+rvt+deb7u4
CVE References
Revision history for this message
| peter green (plugwash) wrote | #1 |
| Changed in raspbian: | |
| status: | New → Fix Released |
| information type: | Private Security → Public Security |
To post a comment you must log in.
This should be fixed in 1.0.1e-2+rvt+deb7u5 which i'm pushing out at the momement.
Sorry for the delay, we had some infrustructure issues which combined with this patch needing manual attention due to previous changes we made to openssl have slowed things down a bit.