[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can't patch Heartbleed bug?

On Thursday 10 April 2014 14:18:00 Brad Alexander wrote:
> I don't believe that Wheezy was vulnerable to Heartbleed. It was
> only the 1.0.1f (committed 31 Dec 2011) that incorporated the
> vulnerable heartbeat feature. My wheezy box has 1.0.1e:
>
> ii  libssl1.0.0:i386                     1.0.1e-2+deb7u6
> i386         SSL shared libraries
> ii  openssl                              1.0.1e-2+deb7u6
> i386         Secure Socket Layer (SSL) binary and related
> cryptographic tools

I have:

lisi@Tux-II:~$ dpkg-query -l openssl
Desired=Unknown/Install/Remove/Purge/Hold
| 
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name             Version       Architecture  Description
+++-================-=============-=============-===============================
ii  openssl          1.0.1e-2+deb7 amd64         Secure Socket Layer 
(SSL) binar
lisi@Tux-II:~$

No u-anything.  I take it that that is still alright since it is 
anyway Wheezy?

Lisi
Reply to: