Needs Major Security Update: CVE-2014-0224

Kevin Stange kstange at
Sat Jun 14 01:48:15 EDT 2014

On 06/13/2014 11:08 PM, Daniel Atallah wrote:
> On Jun 13, 2014 11:52 PM, "Elliott Sales de Andrade" <qulogic at
> <mailto:qulogic at>> wrote:
>> Hi Daniel,
>> Can you also check into d.p.i as well? It's supposedly
> vulnerable-but-maybe-not-exploitable...
> I already did.
> We'll need to wait until Debian squeeze has updated openssl packages.

Squeeze is EOL, so there will not be any updates for mainline squeeze,
but there is an LTS effort that comes from another repository.  Do we
have this in sources.list?

Alternative, of course, is to dist-upgrade to Wheezy.

The update for OpenSSL is available, as noted here:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the security mailing list