Hello!

After reading the advisory DSA-2896-1 openssl -- security update I have upgraded openssl on my servers to 1.0.1e-2+deb7u6 and tested them again with:

http://filippo.io/Heartbleed/#example.server.domain
http://rehmann.co/projects/heartbeat/?domain=example.server.domain&port=443&submit=Submit

And still I get "IS VULNERABLE" results! Does it mean that the tests are wrong or the package is not fixed?

After a while I have discovered that upgrading the openssl package is not enough! It is also necessary to upgrade these packages (maybe too many):

    libcrypto1.0.0-udeb
    libssl-dev
    libssl-doc
    libssl1.0.0
    libssl1.0.0-dbg

IT SHOULD BE WRITTEN IN THE ADVISORY!!!!

Alternatively (better), the openssl package should require newer versions of the necessary libraries.

With Best Regards,
Jerzy Sobczyk

--
Jerzy Sobczyk
Institute of Control and Computation Engineering
Warsaw University of Technology
Nowowiejska 15/19
00-665 Warsaw, POLAND
j.sobc...@ia.pw.edu.pl
http://www.ia.pw.edu.pl/~jurek
tel. +48 22 234 7863
fax. +48 22 8253719
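
An added example, not part of the original message or of Debian's own tooling: a shell check that lists which of the packages named above are still installed below the version the message reports upgrading openssl to. The function names, the sample package state and the `sort -V` fallback (used only where dpkg is absent) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag packages built from the openssl source that are
# still installed below the fixed version.
FIXED='1.0.1e-2+deb7u6'   # version named in the message above
PKGS='openssl libssl1.0.0 libssl1.0.0-dbg libssl-dev libssl-doc libcrypto1.0.0-udeb'

# True when version $1 sorts strictly before version $2.
ver_lt() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        # Assumption: off Debian, sort -V is close enough for these strings.
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Reads "package<TAB>version" lines on stdin and prints every package
# from $PKGS whose installed version is older than $FIXED.
stale_packages() {
    while IFS="$(printf '\t')" read -r pkg ver; do
        [ -n "$ver" ] || continue          # empty version: not installed
        case " $PKGS " in
            *" $pkg "*) ;;                 # one of the packages we track
            *) continue ;;
        esac
        if ver_lt "$ver" "$FIXED"; then
            printf '%s %s\n' "$pkg" "$ver"
        fi
    done
}

# Constructed sample: openssl upgraded, the shared library left behind.
sample_state() {
    printf 'openssl\t1.0.1e-2+deb7u6\n'
    printf 'libssl1.0.0\t1.0.1e-2+deb7u4\n'
    printf 'libssl-dev\t1.0.1e-2+deb7u4\n'
    printf 'bash\t4.2+dfsg-0.1\n'
}

# On a real host, feed the live package state instead of the sample:
#   dpkg-query -W -f='${Package}\t${Version}\n' $PKGS 2>/dev/null | stale_packages
sample_state | stale_packages
```

Any line of output names a package that still needs upgrading; empty output means every tracked package that is installed is at or above the fixed version.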