[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why still heartbleed on Wheezy



On 20/04/14 06:39, Steve Litt wrote:
Hi all,

I installed Wheezy on my backup server, then did this:

apt-get update
apt-get upgrade

root@bupserv:/backupserver/stevebup# openssl version
OpenSSL 1.0.1e 11 Feb 2013
root@bupserv:/backupserver/stevebup#


Here's my /etc/apt/sources.list:

======================================
#

# deb cdrom:[Debian GNU/Linux 7.4.0 _Wheezy_ - Official amd64 NETINST
Binary-1 20140208-13:45]/ wheezy main

#deb cdrom:[Debian GNU/Linux 7.4.0 _Wheezy_ - Official amd64 NETINST
Binary-1 20140208-13:45]/ wheezy main

deb http://ftp.us.debian.org/debian/ wheezy main non-free contrib
deb-src http://ftp.us.debian.org/debian/ wheezy main non-free contrib

deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free

deb http://security.debian.org/debian-security wheezy/updates main

# wheezy-updates, previously known as 'volatile'
deb http://ftp.us.debian.org/debian/ wheezy-updates main contrib non-free
deb-src http://ftp.us.debian.org/debian/ wheezy-updates main contrib non-free
======================================

Any ideas how I should proceed?


By checking the revision of the release, rather than just the internal version number.

dom@ozzy:~$ dpkg-query -W openssl
openssl	1.0.1e-2+deb7u6

The "deb7u6" is the important bit. The "heartbleed" bug only exists in deb7u4 and earlier.

--
Dom


Reply to: