Hello!

After reading the advisory DSA-2896-1 openssl -- security update
I have upgraded openssl on my servers to 1.0.1e-2+deb7u6
and tested them again with:
        http://filippo.io/Heartbleed/#example.server.domain
        http://rehmann.co/projects/heartbeat/?domain=example.server.domain&port=443&submit=Submit
And still I get "IS VULNERABLE" results!
Does this mean that the tests are wrong or that the package is not fixed?

After a while I discovered that upgrading the openssl package is not enough!
It is also necessary to upgrade these packages (maybe too many):
         libcrypto1.0.0-udeb
         libssl-dev
         libssl-doc
         libssl1.0.0
         libssl1.0.0-dbg
IT SHOULD BE WRITTEN IN THE ADVISORY!!!!
Alternatively (better), the openssl package should require
newer versions of the necessary libraries.

With Best Regards,
        Jerzy Sobczyk
-- 
------------------ Institute of Control and Computation Engineering  ______
Jerzy Sobczyk               Warsaw University of Technology         /_/   |
j.sobc...@ia.pw.edu.pl              Nowowiejska 15/19              / / /| |
http://www.ia.pw.edu.pl/~jurek    00-665 Warsaw, POLAND           / / _>| |
tel. +48 22 234 7863 _____________ fax. +48 22 8253719 ________  /_/_/  |_|
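
The situation reported above (openssl upgraded, libssl1.0.0 left at the old version) can be checked for mechanically. The following is an added example, not part of the original message and not Debian's own tooling: it reads a package inventory and reports binary packages built from the openssl source whose version differs from that of the openssl package. The function names and the sample inventory are assumptions made for illustration; the old version string is a placeholder.

```shell
#!/bin/sh
# Added example. Input on stdin: "<binary package> <source package> <version>"
# per line, as printed on a live Debian system by:
#   dpkg-query -W -f='${binary:Package} ${source:Package} ${Version}\n'

# find_version_skew SOURCE REFERENCE
# Prints every installed binary package built from SOURCE whose version
# differs from REFERENCE's version.
# Exit status: 0 = all consistent, 1 = skew found, 2 = REFERENCE not installed.
find_version_skew() {
    awk -v src="$1" -v ref="$2" '
        # Lines with no version field are packages that are not installed.
        NF >= 3 && $2 == src { ver[$1] = $3 }
        END {
            if (!(ref in ver)) { print "not installed: " ref; exit 2 }
            for (p in ver)
                # Appending "" forces string comparison, so that versions
                # such as 1.10 and 1.1 are not compared as numbers.
                if ((ver[p] "") != (ver[ref] "")) {
                    print p " " ver[p] " != " ref " " ver[ref]
                    bad = 1
                }
            exit bad + 0
        }'
}

# Constructed sample inventory: openssl is at the version named in the
# message, libssl1.0.0 is at a placeholder old version.
sample_inventory() {
    cat <<'EOF'
openssl openssl 1.0.1e-2+deb7u6
libssl1.0.0 openssl 0.0.0-placeholder
libssl-dev openssl 1.0.1e-2+deb7u6
bash bash 0.0.0-unrelated
EOF
}

# Demonstration on the constructed inventory.
sample_inventory | find_version_skew openssl openssl || true
```

On a real host, pipe the dpkg-query command from the header comment into `find_version_skew openssl openssl`.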

