Re: Aw: Re: [SECURITY] [DSA 2896-1] openssl security update

2014-04-11 Thread Paul Wise
On Sat, Apr 12, 2014 at 10:01 AM, daniel wrote: > Mod_spdy has a statically-linked vulnerable version of OpenSSL That sounds like a pretty bad bug in your copy of mod_spdy, please ask the vendor of your copy of mod_spdy to fix this by depending on the OpenSSL shared library instead of statically

Re: Aw: Re: [SECURITY] [DSA 2896-1] openssl security update

2014-04-11 Thread daniel
4.2? > > (for mod_spy you need an Apache HTTP Server 2.4.X, in squeeze there > is only 2.2.16 ...) > >> Gesendet: Freitag, 11. April 2014 um 17:26 Uhr Von: daniel >> An: debian-security@lists.debian.org Cc: "- >> Noflag" Betreff: Re: [SECURITY] [DSA >&g

Re: [SECURITY] [DSA 2896-1] openssl security update

2014-04-11 Thread Dirk Hartmann
On 11.04.2014, at 17:26, daniel wrote: > > We are very concerned about the 'Heartbeat' security problem which has > been discovered with OpenSSL. Thanks to our out-of-date old-stable > version of debian, we are using: > > openssl 0.9.8o-4squeeze14 > > This page also claims debian 6 (which we

Aw: Re: [SECURITY] [DSA 2896-1] openssl security update

2014-04-11 Thread Estelmann, Christian
g" > Betreff: Re: [SECURITY] [DSA 2896-1] openssl security update > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Dear all, > > We are very concerned about the 'Heartbeat' security problem which has > been discovered with OpenSSL. Thanks to o

Re: [SECURITY] [DSA 2896-1] openssl security update

2014-04-11 Thread daniel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear all, We are very concerned about the 'Heartbeat' security problem which has been discovered with OpenSSL. Thanks to our out-of-date old-stable version of debian, we are using: openssl 0.9.8o-4squeeze14 This page also claims debian 6 (which we