[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why still heartbleed on Wheezy

On Sun, Apr 20, 2014 at 5:39 AM, Steve Litt <slitt@troubleshooters.com> wrote:
> Hi all,
> I installed Wheezy on my backup server, then did this:
> apt-get update
> apt-get upgrade
> root@bupserv:/backupserver/stevebup# openssl version
> OpenSSL 1.0.1e 11 Feb 2013
> root@bupserv:/backupserver/stevebup#

Wheezy is the current stable so they aren't going to update an
important library to a new upstream version. Instead they backport
security patches to the current version. Check your package version.

dpkg -l openssl

According to the changelog [1], wheezy openssl got the heartbleed
patch on 1.0.1e-2+deb7u5 on April 7. The latest version as of this
email is 1.0.1e-2+deb7u7.

[1] http://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.0.1e-2+deb7u7_changelog



Reply to: