[Pkg-openssl-devel] Bug#775022: Important security update
Klaus Ethgen
Klaus at Ethgen.de
Sat Jan 10 10:42:56 UTC 2015
Package: openssl
Version: 1.0.1e-2+deb7u13
Severity: critical
There is currently a really important security update out [0]. Please
provide Debian stable with this security fix.
The most important fixes (although the developers tagged them as low
severity) are:
- CVE-2014-3572
- CVE-2015-0204
- CVE-2015-0205
As this are candidates to completely weaken the encrypted connections
that should be fixed pretty soon.
Again to say, the developers are absolutely wrong with the severity.
This bugs have a critical severity!
[0] https://www.openssl.org/news/secadv_20150108.txt
-- System Information:
Debian Release: 7.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssl depends on:
ii libc6 2.13-38+deb7u6
ii libssl1.0.0 1.0.1e-2+deb7u13
ii zlib1g 1:1.2.7.dfsg-13
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20130119+deb7u1
-- Configuration Files:
/etc/ssl/openssl.cnf changed [not included]
-- no debconf information
More information about the Pkg-openssl-devel
mailing list