DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

To: debian-security@lists.debian.org
Subject: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?
From: Fredrik Jonson <fredrik@jonson.org>
Date: Tue, 8 Apr 2014 16:01:37 +0000 (UTC)
Message-id: <[🔎] slrnlk87b1.frm.fredrik@biggles.jonson.org>

Hi,

After upgrading the packages in DSA 2896-2 (openssl security update),
the second version, 1.0.1e-2+deb7u6, that detects services to restart, I
noted that the postist script didn't suggest that I should restart
apache2.

As far as I can tell apache2 (apache2.2-bin) depends on libssl1.0.0 and
could be affected by CVE-2014-0160. Correct?

I note that the postinst script in libssl1.0.0 searches for the virtual
package apache2-common which is not installed on my servers.

Is this a bug in the postinst script, or is apache2 not affected, or is
it a user error to not have the virtual package installed?

BTW, thanks to all involved in Debian's rapid response to this CVE!
-- 
Fredrik Jonson

Reply to:

Follow-Ups:
- AW: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?
  - From: Felix Berlakovich <felix@berlakovich.at>
- Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: debcheckroot v1.0 released
Next by Date: AW: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?
Previous by thread: Re: [SECURITY] [DSA 2895-1] prosody security update
Next by thread: AW: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?
Index(es):
- Date
- Thread