Re: OpenSSL Heartbleed bug, Apache still vulnerable?

To: debian-user@lists.debian.org
Subject: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
From: Jochen Spieker <ml@well-adjusted.de>
Date: Wed, 9 Apr 2014 19:22:53 +0200
Message-id: <[🔎] 20140409172252.GI21675@well-adjusted.de>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] slrnlkb06t.41o.curty@einstein.electron.org>
References: <[🔎] 20140408144912.GA21675@well-adjusted.de> <[🔎] 53441672.1000604@gmail.com> <[🔎] 20140408171554.GC21675@well-adjusted.de> <[🔎] 2aj41372liv8@mids.svenhartge.de> <[🔎] 20140408190254.GD21675@well-adjusted.de> <[🔎] 3aj474n2liv8@mids.svenhartge.de> <[🔎] 20140408204036.GE21675@well-adjusted.de> <[🔎] 20140409160959.GH21675@well-adjusted.de> <[🔎] slrnlkb06t.41o.curty@einstein.electron.org>

Curt:
> On 2014-04-09, Jochen Spieker <ml@well-adjusted.de> wrote:
>> 
>> The repository now contains a fixed version (0.9.4.2-r413). I tested it
>> and the new version looks fine.
> 
> Don't mean to hijack, but is this a useful tool?  
> 
> http://filippo.io/Heartbleed/

Yes, it is. Qualys tests for the new attack as well now:

https://www.ssllabs.com/ssltest/

J.
-- 
I use a Playstation to block out the existence of my partner.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Curt <curty@free.fr>

References:
- OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Sven Hartge <sven@svenhartge.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Sven Hartge <sven@svenhartge.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Curt <curty@free.fr>

Prev by Date: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Next by Date: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Previous by thread: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Next by thread: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Index(es):
- Date
- Thread