Package: openssl Version: 1.0.1g-2 Severity: wishlist Dear Maintainer,
when updating my sid system to fix the Heartbleed bug, I only updated the openssl package from 1.0.1f to 1.0.1-g1, but not libssl1.0.0 for example, leaving a number of services initially vulnerable until I noticed my mistake. I may not be the only one who did this mistake, hence I would suggest to either issue a warning that there are remaining outdated packages and suggest to update those as well, or introduce a dependency so that updating openssl requires updating the derived packages, if that's feasible. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc6 2.18-4 ii libssl1.0.0 1.0.1g-2 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20140325 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
