[Bug 1304042] Re: CVE-2014-0160
Seth Arnold
1304042 at bugs.launchpad.net
Mon Apr 7 23:50:07 UTC 2014
The changelog severities don't mean anything in Ubuntu.
Ubuntu's CVEs aren't tracked by severity, those are our internal
priority for fixing them.
All security bugs in Debian have a severity of "grave".
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1304042
Title:
CVE-2014-0160
Status in “openssl” package in Ubuntu:
Fix Released
Status in “openssl” package in Debian:
Unknown
Bug description:
The version of OpenSSL which is shipped with Ubuntu is vulnerable to
CVE-2014-0160. This is resolved with OpenSSL 1.0.1g
(https://www.openssl.org/news/secadv_20140407.txt). This is
*extremely* high severity, see heartbleed.com for full information.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1304042/+subscriptions
More information about the foundations-bugs
mailing list