[packman] PMBS vulnerable to Heartbleed

Stefan Botter jsj at jsj.dyndns.org
Mon Apr 14 15:54:15 CEST 2014


On Mon, 14 Apr 2014 07:45:59 -0500
Malcolm <malcolmlewis at cableone.net> wrote:

> Hi
> I'm assuming it's just the certificate?
> 
> Via https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/
> 
> http://paste.opensuse.org/414fd0fe
> 
> And then;
> 
> https://www.ssllabs.com/ssltest/analyze.html?d=pmbs.links2linux.de
> 

Yes, I know.
PMBS runs openSUSE 12.2, and there are no security updates anymore.
I am testing the update to 13.1 and OBS 2.5.1 right now on a different
machine, but so far no smooth update seams to be possible.

I asked Marc for a new certificate already, but without an updates
openssl lib this is not urgent.

We most probably should change the passwords anyway, along with the
email addresses, so that OBS' internal notification system is able to
send the messages. I will send an announcement, once the update is
done. I do not know when I can do the update, but it is high on my
priority-B ToDo list.

Greetings,

Stefan
-- 
Stefan Botter zu Hause
Bremen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.links2linux.de/pipermail/packman/attachments/20140414/c8a14211/attachment.sig>


More information about the Packman mailing list