[Slackbuilds-users] Cauterizing heartbleed (CVE-2014-0160)

[Willy Sudiarto Raharjo]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Given the pervasive effects of the heartbeat OpenSSL flaw (aka
> heartbleed), it makes sense for SBo maintainers and the SBo community
> at large to review packages offered by SBo and identify those that
> statically link OpenSSL libraries or bundle their own copies.
>
> An example of the latter is Node.js [1] which has already been fixed in
> their devel branch [2].
>
> A semi-temporary page on SBo with a list of affected packages and
> mitigation steps (i.e.  re-compile, upgrade version, etc.) might be
> useful for end-users.

I just ran a quick git grep "openssl" and came up with this list

development/freetds
libraries/libeXosip2
libraries/libircclient
libraries/libssh2
libraries/luacrypto
libraries/qt5
misc/ssss/
multimedia/ffmpeg
network/amap
network/aria2
network/cadaver
network/cyrus-imapd
network/dovecot
network/dsniff
network/exim
network/gq
network/hostapd
network/lighttpd
network/ngircd
network/node
network/postfix
network/prosody
network/pure-ftpd
network/sipp
network/tntnet
network/vpnc
network/znc
system/postgresql
system/scrypt

Most of the scripts above are compiled using a dynamic linking against
OpenSSL, but it won't hurt to simply rebuilt them if you use them
against the latest OpenSSL available on Slackware 14.0, 14.1, and
- -Current


- --
Willy Sudiarto Raharjo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlNE7fsACgkQiHuDdNczM4G0JQCfUeE2MwqWo3FKaWb+EIng+NDs
ZFMAnjdpb6W0Q5uVFS7XrtpITOvuaodX
=Bj8G
-----END PGP SIGNATURE-----