Hi
On Tue, Apr 8, 2014 at 9:29 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
On 08.04.2014 17:29, Neal Oakey wrote:
Hi,
there is a bug (1) in OpenSSL 1.0.1 and as far as I'm informed this has only been patched in 1.0.1g. Many other distributions have built their own patch; what about us? Currently we have "1.0.1.f-2", which is affected as far as I know.
Greetings Neal
1) (sry, German) http://www.golem.de/news/sicherheitsluecke-keys-auslesen-mit-openssl-1404-10...
I actually did push an updated package within 3 hours after the public announcement. I think that is pretty reasonable especially since we are not among the fortunate distros and companies that were notified beforehand.
Is there any "secret security list" for distros where such issues are discussed/notified before a vulnerability gets public attention? If there is one then Arch should be added there as well.