[Mageia-dev] Freeze push or not? openssl-1.0.1d

David Walser luigiwalser at yahoo.com
Wed Feb 6 20:50:52 CET 2013


FundaWang <fundawang at ...> writes:
> Hello, would pushing openssl 1.0.1d for three CVE security issues[1] a good
idea?  FYI, currently
> openssl is listed as unmaintained in our packagers' database, but I've seen
that guillomovitch are touch
> this package recently.
> [1]: http://www.openssl.org/news/secadv_20130205.txt

Here's an article with more info on the first security issue fixed:
http://arstechnica.com/security/2013/02/lucky-thirteen-attack-snarfs-cookies-protected-by-ssl-encryption/



More information about the Mageia-dev mailing list