Bug#765639: Bug#802159: New OpenSSL upstream version

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Don Armstrong <don@debian.org>, Kurt Roeckx <kurt@roeckx.be>, 802159@bugs.debian.org, Julien Cristau <jcristau@debian.org>, Philipp Kern <pkern@debian.org>, 765639@bugs.debian.org
Subject: Bug#765639: Bug#802159: New OpenSSL upstream version
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sun, 6 Dec 2015 11:46:01 +0100
Message-id: <[🔎] 20151206104601.GA4415@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 765639@bugs.debian.org
In-reply-to: <1448390909.870.66.camel@adam-barratt.org.uk>
References: <20151017203049.GA31760@roeckx.be> <20151020145704.GD4773@geta> <20151020181242.GF4773@geta> <20151020183730.GA12232@roeckx.be> <20151021200203.GL4773@geta> <1448390909.870.66.camel@adam-barratt.org.uk>

Hi,
Personally I'm in favour of following the openssl point updates and I'd
like to add an additional data point to the discussion:

CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
release, but the security impact was only noticed later on, so following
the point updates would have fixed this bug five months ago.

(http://www.openssl.org/news/secadv/20151203.txt for details)

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#765639: Bug#802159: New OpenSSL upstream version
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#805634: tbl: auto-updating & apparmor (Re: Bug#805634: jessie-pu: torbrowser-launcher/0.2.2-2~deb8u1
Next by Date: Bug#805634: tbl: auto-updating & apparmor
Previous by thread: Bug#805634: [Pkg-privacy-maintainers] tbl: auto-updating & apparmor
Next by thread: Bug#765639: Bug#802159: New OpenSSL upstream version
Index(es):
- Date
- Thread