[Bug 1307532] Re: OpenSSL is not up-to-date in Ubuntu 13.10
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Apr 14 16:20:34 UTC 2014
What exactly are you warning us about?
Security fixes are backported to the stable openssl versions that are in
each release.
For example, heartbleed (CVE-2014-0160) was fixed in 1.0.1e-3ubuntu1.2
released April 7th with the following USN:
http://www.ubuntu.com/usn/usn-2165-1/
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0160
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1307532
Title:
OpenSSL is not up-to-date in Ubuntu 13.10
Status in “openssl” package in Ubuntu:
Invalid
Bug description:
I have noticed that OpenSSL and libssl have been updated to release
1.0.1e. When you take a careful look at the latest release on the
official site, it's 1.0.1g: http://www.openssl.org/news/
You might want to check this screenshot on my machine:
https://docs.google.com/document/d/1UaYD0IhZdpeZydJ8MA1h5nOjTBbFLlW8VSI3LSoKTY4/edit?usp=sharing
The OpenSSL version is 1.0.1e when the latest official sources are
1.0.1g!
Build date and version are 2 very different things!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1307532/+subscriptions
More information about the foundations-bugs
mailing list