Re: Bugs in openssl and gnutls

To: debian-kde@lists.debian.org
Subject: Re: Bugs in openssl and gnutls
From: Stuart Prescott <stuart@debian.org>
Date: Wed, 11 Jun 2014 09:06:19 +1000
Message-id: <[🔎] ln831d$u3f$1@ger.gmane.org>
References: <[🔎] 20140610110418.3c31064a@localb.wexfordpress.net>

Hi John,

> I am interested in finding out if the Debian
> community is aware of these problems and if
> the fixed versions have been added to the
> repositories.

Yes, Debian is well aware of such things. You can find a list of the Debian 
Security Advisories that accompany fixed packages at

	https://www.debian.org/security/

and you will see gnutls and openssl in that list.

For the stable release (Debian 7 "Wheezy"), fixes are backported and the 
usptream version number does not change. You won't find openssl 1.0.1h in 
wheezy but you will instead find 1.0.1e with the relevant fixes added to it. 
For unstable ("sid"), you need to wait for the maintainer to upload a new 
version of the package (the gnutls and openssl maintainers have been very 
prompt in doing so) while for testing ("Jessie") you will either need either 
grab the packages from sid manually or wait for the packages to migrate 
through the normal testing migration process.

You might like to subscribe to the debian-security-announce mailing list 
where the advisories are posted. It's typically only about 30 messages per 
month. There's also an RSS feed if you'd prefer that.

cheers
Stuart

-- 
Stuart Prescott    http://www.nanonanonano.net/   stuart@nanonanonano.net
Debian Developer   http://www.debian.org/         stuart@debian.org
GPG fingerprint    90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7

Reply to:

References:
- Bugs in openssl and gnutls
  - From: john Culleton <John@wexfordpress.com>

Prev by Date: Bugs in openssl and gnutls
Next by Date: Re: Fwd: Re: caldav sync broken?
Previous by thread: Bugs in openssl and gnutls
Next by thread: Howto Get kde desktop to run ?
Index(es):
- Date
- Thread