[Slackbuilds-users] Cauterizing heartbleed (CVE-2014-0160)
mancha1 at hush.com
Fri Apr 11 18:34:44 UTC 2014
Willy Sudiarto Raharjo <willysr at ...> writes:
> I just ran a quick git grep "openssl" and came up with this list
Heartbleed is serious enough that responsible vulnerability management
requires some human work (preferably by either the package maintainer
or a user very familiar with the package's innards). Your git grep
helps a bit but is not enough.
For example, SBo offers a libreoffice  that needs to be upgraded
because it bundles a vulnerable OpenSSL  yet it's not in your list.
> Most of the scripts above are compiled using a dynamic linking against
> OpenSSL, but it won't hurt to simply rebuilt them if you use them
> against the latest OpenSSL available on Slackware 14.0, 14.1, and
If we're sure the linking is dynamic then re-compilation is not needed.
More information about the SlackBuilds-users