On Tue, 2014-04-08 at 18:47 -0700, Gregory Maxwell wrote: > On Tue, Apr 8, 2014 at 6:44 PM, Chuck Forsberg WA7KGX <caf@xxxxxxxx> wrote: > > According to the announcement, that version is vulnerable. > > Of the 1.01 versions, only 1.01g is saf(er). > > RedHat backported the fix as the openssl in fedroda/rhel is carrying a > ton of patches. > > I expect this is going to cause a lot of confusion. I don't see why. Backporting security fixes is standard procedure and has been for decades. It would be extremely irresponsible to just shove out a new and untested openssl build as a stable update. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
