FundaWang <fundawang@...> writes: > Hello, would pushing openssl 1.0.1d for three CVE security issues[1] a good idea? FYI, currently > openssl is listed as unmaintained in our packagers' database, but I've seen that guillomovitch are touch > this package recently. > [1]: http://www.openssl.org/news/secadv_20130205.txt
Here's an article with more info on the first security issue fixed: http://arstechnica.com/security/2013/02/lucky-thirteen-attack-snarfs-cookies-protected-by-ssl-encryption/