On 2014-06-05 15:46, Florian Zumbiehl wrote:
Hi,Package : opensslCVE ID : CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470is it intentional that you didn't fix CVE-2014-0198
That was fixed last month - https://www.debian.org/security/2014/dsa-2931
and CVE-2010-5298?
https://security-tracker.debian.org/tracker/CVE-2010-5298 indicates that this is only an issue if OPENSSL_NO_BUF_FREELIST is enabled, which it's not in the Debian package. Is that not correct?
Regards, Adam