[Bug 1306618] Re: openssl is not upgraded in repositories and is vulnerable to heartbleed

Fri Apr 11 16:10:58 UTC 2014

OpenSSL in Trusty has been updated in version 1.0.1f-1ubuntu2
(https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2). Trusty
is soon to be released and we're at the point of treating it like our
stable releases, as far as security updates go. That means that the
relevant patches are backported to the Trusty openssl package rather
than completely updating the version of our openssl package to the
latest upstream release. This helps prevents regressions in applications
that link against OpenSSL.

** Information type changed from Private Security to Public Security

** Changed in: openssl (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1306618

Title:
  openssl is not upgraded in repositories and is vulnerable to
  heartbleed

Status in “openssl” package in Ubuntu:
  Invalid

Bug description:
  I am using Ubuntu 14.04 LTS Trusty and the latest version of openssl
  installed and available in repositories is 1.0.1-f which is vulnerable
  to the heartbleed bug.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: openssl 1.0.1f-1ubuntu2
  ProcVersionSignature: Ubuntu 3.13.0-23.45-generic 3.13.8
  Uname: Linux 3.13.0-23-generic x86_64
  ApportVersion: 2.14.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Apr 11 18:08:53 2014
  InstallationDate: Installed on 2013-10-27 (166 days ago)
  InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
  SourcePackage: openssl
  UpgradeStatus: Upgraded to trusty on 2014-02-20 (50 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1306618/+subscriptions