On Thu, Apr 10, 2014 at 09:18:00AM -0400, Brad Alexander wrote: > I don't believe that Wheezy was vulnerable to Heartbleed. It was only the > 1.0.1f (committed 31 Dec 2011) that incorporated the vulnerable heartbeat > feature. My wheezy box has 1.0.1e: > [...] > So you shouldn't have anything to worry about.
This is not accurate, OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable. Please see https://www.debian.org/security/2014/dsa-2896 as well as http://heartbleed.com/ Cheers, Flo -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
