Heartbleed openssl from 1.0.1 to 1.0.1g vulnerability
Gene Heskett
gheskett at wdtv.com
Wed Apr 9 09:39:35 UTC 2014
On Wednesday 09 April 2014 05:35:59 Nils Kassube did opine:
> Gene Heskett wrote:
> > Debian fixed it in 36 hours, that was what 3-4 days ago? Where is our
> > fixed package?
>
> I think this is it: <http://www.ubuntu.com/usn/usn-2165-1>
>
> But unfortunately not for you - either it is not yet available for 10.04
> 0r it is considered a desktop component and will not be fixed at all
> because the 10.04 desktop is obsolete. Maybe you should compile if from
> the source code ...
>
>
> Nils
Well, as I read the CVE, the vulnerability started with 1.0.1, but my
installed version is 0.9.8f or so. Perhaps that version is not
susceptible?
Seem like it would be prudent if someone from openssl could speak from a
position of authority and put our minds at ease if indeed that is the case.
Just sayin.
Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
More information about the kubuntu-users
mailing list