Re: [SECURITY] [DSA 2950-1] openssl security update
Hi,
> > That was fixed last month - https://www.debian.org/security/2014/dsa-2931
>
> So that's fixed since 1.0.1e-2+deb7u9
>
> > >and CVE-2010-5298?
> >
> > https://security-tracker.debian.org/tracker/CVE-2010-5298 indicates that
> > this is only an issue if OPENSSL_NO_BUF_FREELIST is enabled, which it's not
> > in the Debian package. Is that not correct?
>
> This was fixed in DSA-2908-1 (1.0.1e-2+deb7u7)
Thanks for the info both of you! I just hadn't considered the possibility
that Debian could have fixed some security issues weeks before OpenSSL's
own advisory. And thanks for fixing them so fast to whoever is responsible!
:-)
Regards, Florian
Reply to: