Re: james-fsck, that's the same issue that caused me to log this ticket
in the first place, as the backported versions didn't make it apparent
that they were up-to-date (neither version nor date reflects it). Quite
misleading.
--
You received this bug notification because you are a member of Ubuntu
OK, apt-get changelog openssl shows that there is a backported fix (I
hate backported fixes because it makes it very hard to know if you have
a vulnerable version or not)...
I imagine having your version labeled 1.0.1f and dated in January will
probably generate more than a few support calls I thi
Heartbleed was fixed in Ubuntu 14.04 by the 1.0.1f-1ubuntu2 package that
I uploaded on April 7th.
From the changelog:
openssl (1.0.1f-1ubuntu2) trusty; urgency=medium
* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
- debian/patches/CVE-2014-0076.patch: add and u
14.04 is released in 2 days but this fix does not seem to be applied...
the USN notification lists only up to 13.10, but as of today:-
james@trinity:~$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
james@trinity:~$ date
Tue Apr 15 16:56:45 BST 2014
james@trinity:~$ more /etc/lsb-release
DISTRIB_ID=
Set privacy to Public, as this is an already disclosed issue.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0160
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1304651
Title:
Never mind, need to close this. Ubuntu has already addressed it; the package
versioning was misleading (to me at least):
http://www.ubuntu.com/usn/usn-2165-1/
** Changed in: openssl (Ubuntu)
Status: New => Fix Released