Bug 120: CLOSED
openssl in packages/cooking not patched for heartbleed bug?
Date: 2014-05-12 21:36 - Creator: nneul - Priority critical - 4 messages
Tried updating to both the latest in packages/cooking as well as direct download from cook.slitaz.org - both still result in a system that shows as vulnerable when running httpd.
Affected package(s): openssl
Messages
By: nneul on 2014-05-12 21:39
Sorry, my mistake - files are in different package. disregard.
By: nneul on 2014-05-12 22:12
It was libssl that needed updated. However, this raises another question - it seems like the package that is out in packages/cooking still has the symptom, whereas one downloaded directly from cook.slitaz.org shows as non-vulnerable. Both were listed as 1.0.1g.
By: mojo on 2014-05-15 13:25
What is the md5sum fingerprint of the non-vulnerable libssl-1.0.1g.tazpkg
By: nneul on 2014-09-13 19:52
Sorry, didn't see this update, no longer in a position to reproduce the same circumstances as this bug was filed.