It is exciting, the first bug and 270 packages upgraded. :)
If you use curl or related packages the new openssl renders unrelated packages unusable. If you do not mind and even use wget then it is OK, otherwise use the older version of openssl.
https://bugs.debian.org/cgi-bin/bugrepo ... bug=768476
[irrelevant] openssl (serious bug)
Forum rules
Please supply only the affected package name as title, with bugreport number (bugs.debian.org) or other sources. This feed can be subscribed to and piped into your RSS reader or conky: http://linuxbbq.org/bbs/feed.php?mode=news
Please supply only the affected package name as title, with bugreport number (bugs.debian.org) or other sources. This feed can be subscribed to and piped into your RSS reader or conky: http://linuxbbq.org/bbs/feed.php?mode=news
- ivanovnegro
- Minister of Truth
- Posts: 5451
- Joined: Wed Oct 17, 2012 11:12 pm
-
- Baconator
- Posts: 10253
- Joined: Thu Sep 16, 2010 11:03 am
- Location: Pfälzerwald
- Contact:
Re: openssl (serious bug)
Thanks DD.
Interesting, the bug report mentions 1.0.2~beta3-1. I do have experimental enabled, and I'm some versions behind/ahead. Seems they pulled the affected version back, and the bug report is from November last year. The last report on the matter is from April 5, but in the meanwhile curl got an upgrade on April 29. I'd "lean out of the window" and say: safe to upgrade :D
Code: Select all
user@grill:~$ policy openssl
openssl:
Installed: 1.0.2a-1
Candidate: 1.0.2a-1
Version table:
*** 1.0.2a-1 0
500 http://ftp.cn.debian.org/debian/ unstable/main i386 Packages
100 /var/lib/dpkg/status
user@grill:~$ policy libssl1.0.0
libssl1.0.0:
Installed: 1.0.2a-1
Candidate: 1.0.2a-1
Version table:
*** 1.0.2a-1 0
500 http://ftp.cn.debian.org/debian/ unstable/main i386 Packages
100 /var/lib/dpkg/status
..gnutella..
- ivanovnegro
- Minister of Truth
- Posts: 5451
- Joined: Wed Oct 17, 2012 11:12 pm
Re: openssl (serious bug)
You might be right. As for the old bug report, it was because people installed from experimental at that time.
You have already the newest openssl but then I have already the newest libssl1.0.0. I guess we can ignore the bug. I let it open for a while because people whined on the BTS. :)
You have already the newest openssl but then I have already the newest libssl1.0.0. I guess we can ignore the bug. I let it open for a while because people whined on the BTS. :)
-
- Baconator
- Posts: 10253
- Joined: Thu Sep 16, 2010 11:03 am
- Location: Pfälzerwald
- Contact:
- ivanovnegro
- Minister of Truth
- Posts: 5451
- Joined: Wed Oct 17, 2012 11:12 pm
Re: openssl (serious bug)
Installed the new version, see no reason why not to upgrade. :P
-
- Baconator
- Posts: 10253
- Joined: Thu Sep 16, 2010 11:03 am
- Location: Pfälzerwald
- Contact:
Re: [irrelevant] openssl (serious bug)
Same here, if the openssl package is missing, eg. links https://github.com will print an error and bail out. Installing the so-called 'buggy' openssl package works fine. Thanks for releasing the ban :D
..gnutella..