Serious OpenSSL vulnerability

Martín Marqués martin at 2ndquadrant.com
Tue Apr 8 15:14:55 UTC 2014


2014-04-08 9:59 GMT-03:00 Matthew Miller <mattdm at fedoraproject.org>:
> On Tue, Apr 08, 2014 at 08:28:00AM -0300, Martín Marqués wrote:
>> > https://admin.fedoraproject.org/updates/openssl-1.0.1e-37.fc20.1
>> > https://admin.fedoraproject.org/updates/openssl-1.0.1e-37.fc19.1
>> Why did we get so behind this? I was expecting the upgrade to be
>> available by now (I was able to upgrade some Debian servers already 8
>> hours ago).
>
> Debian was super-fast. Having been up most of the night working on this with
> a number of other people, I think I have a pretty good handle on saying that
> we were as fast as possible with our processes and procedures. If you think
> we should be faster, I encourage you to get involved in making that happen.
> The Fedora Security SIG is
>   <https://fedoraproject.org/wiki/Category:Security>

I have to agree that I'm to blame for that. I updated a Debian
server we have last night and just thought "tomorrow I'll update my
two Fedora workstations", not checking if the packages were already
available.

If I had checked at that moment, I'd have noticed that the F19/F20
packages were not available yet. If I had checked, I would have
gotten involved. I guess I was too confident about the packages being
there. My bad, I should have checked.

Good thing is that the koji packages were really easy to install using
koji, although I prefer using rpm -Fvh to install after downloading.
:D

+1 there!



-- 
Martín Marqués http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

