Bug#765639: Bug#802159: New OpenSSL upstream version

To: Moritz Mühlenhoff <jmm@inutil.org>, 765639@bugs.debian.org
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, Don Armstrong <don@debian.org>, 802159@bugs.debian.org, Julien Cristau <jcristau@debian.org>, Philipp Kern <pkern@debian.org>
Subject: Bug#765639: Bug#802159: New OpenSSL upstream version
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sat, 9 Jan 2016 17:17:26 +0100
Message-id: <[🔎] 20160109161726.GA14779@roeckx.be>
Reply-to: Kurt Roeckx <kurt@roeckx.be>, 765639@bugs.debian.org
In-reply-to: <20151206104601.GA4415@pisco.westfalen.local>
References: <20151017203049.GA31760@roeckx.be> <20151020145704.GD4773@geta> <20151020181242.GF4773@geta> <20151020183730.GA12232@roeckx.be> <20151021200203.GL4773@geta> <1448390909.870.66.camel@adam-barratt.org.uk> <20151206104601.GA4415@pisco.westfalen.local>

On Sun, Dec 06, 2015 at 11:46:01AM +0100, Moritz Mühlenhoff wrote:
> Hi,
> Personally I'm in favour of following the openssl point updates and I'd
> like to add an additional data point to the discussion:
> 
> CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
> release, but the security impact was only noticed later on, so following
> the point updates would have fixed this bug five months ago.

So now CVE-2015-7575 (SLOTH) has been made public.  This is yet an
other example of an issue fixed a long time ago.  It only affected
wheezy because was fixed just after the version in wheezy.

Kurt

Reply to:

Prev by Date: NEW changes in oldstable-new
Next by Date: Bug#807467: jessie-pu: package libapache-mod-fastcgi/2.4.7~0910052141-1.1+deb8u1
Previous by thread: Bug#810511: marked as done (unblock: fonts-tlwg/1:0.6.2-1)
Next by thread: Bug#765639: Bug#802159: New OpenSSL upstream version
Index(es):
- Date
- Thread