I don't believe that Wheezy was vulnerable to Heartbleed. It was only the 1.0.1f (committed 31 Dec 2011) that incorporated the vulnerable heartbeat feature. My wheezy box has 1.0.1e:
ii libssl1.0.0:i386 1.0.1e-2+deb7u6 i386 SSL shared libraries ii openssl 1.0.1e-2+deb7u6 i386 Secure Socket Layer (SSL) binary and related cryptographic tools So you shouldn't have anything to worry about. HTH, --b On Thu, Apr 10, 2014 at 8:56 AM, Dr. Jennifer Nussbaum <bg271...@yahoo.com>wrote: > I'm running Debian Wheezy 7.4 on a server in Amazon's EC2, that i > installed, recently, from the official Debian AMI. I havent made any > changes to the package infrastructure. > > I'm trying to fix the Heartbleed bug, but my system seems to think > everything is up to date. > > My /etc/apt/sources.list has: > > deb http://cloudfront.debian.net/debian wheezy main > deb-src http://cloudfront.debian.net/debian wheezy main > deb http://cloudfront.debian.net/debian wheezy-updates main > deb-src http://cloudfront.debian.net/debian wheezy-updates main > > > I run "sudo apt-get update", and things get pulled down. > > > But when I run "sudo apt-get upgrade", I get: > > $ sudo apt-get upgrade > Reading package lists... Done > Building dependency tree > Reading state information... Done > 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > > > My openssl is not up-to-date: > > $ openssl version -a > OpenSSL 1.0.1e 11 Feb 2013 > built on: Sat Feb 1 22:14:33 UTC 2014 > platform: debian-amd64 > > [...] > > I've waited a day in case theres some issue with the m irrors not getting > updated, but this still happens. Whats the right way to make my system > safe? All the instructions Ive seen say "apt-get update && apt-get upgrade" > will do it, but not in my case! > > Thanks! > > Jen > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: > https://lists.debian.org/1397134570.73145.yahoomail...@web124502.mail.ne1.yahoo.com > >
