Re: Can't patch Heartbleed bug?
On Thu, Apr 10, 2014 at 09:18:00AM -0400, Brad Alexander wrote:
> I don't believe that Wheezy was vulnerable to Heartbleed. It was only the
> 1.0.1f (committed 31 Dec 2011) that incorporated the vulnerable heartbeat
> feature. My wheezy box has 1.0.1e:
> So you shouldn't have anything to worry about.
This is not accurate, OpenSSL 1.0.1 through 1.0.1f (inclusive) are
vulnerable. Please see
as well as