DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?
Hi,
After upgrading the packages in DSA 2896-2 (openssl security update),
the second version, 1.0.1e-2+deb7u6, that detects services to restart, I
noted that the postist script didn't suggest that I should restart
apache2.
As far as I can tell apache2 (apache2.2-bin) depends on libssl1.0.0 and
could be affected by CVE-2014-0160. Correct?
I note that the postinst script in libssl1.0.0 searches for the virtual
package apache2-common which is not installed on my servers.
Is this a bug in the postinst script, or is apache2 not affected, or is
it a user error to not have the virtual package installed?
BTW, thanks to all involved in Debian's rapid response to this CVE!
--
Fredrik Jonson
Reply to: