[Slackbuilds-users] Cauterizing heartbleed (CVE-2014-0160)

mancha mancha1 at hush.com
Fri Apr 11 18:34:44 UTC 2014


Willy Sudiarto Raharjo <willysr at ...> writes:
>
> I just ran a quick git grep "openssl" and came up with this list
>

Heartbleed is serious enough that responsible vulnerability management
requires some human work (preferably by either the package maintainer
or a user very familiar with the package's innards). Your git grep
helps a bit but is not enough.

For example, SBo offers a libreoffice [1] that needs to be upgraded
because it bundles a vulnerable OpenSSL [2] yet it's not in your list.

> Most of the scripts above are compiled using a dynamic linking against
> OpenSSL, but it won't hurt to simply rebuild them if you use them
> against the latest OpenSSL available on Slackware 14.0, 14.1, and
> -Current

If we're sure the linking is dynamic then re-compilation is not needed.

--mancha

===

[1] http://slackbuilds.org/repository/14.1/office/libreoffice/
[2] https://www.libreoffice.org/about-us/security/advisories/cve-2014-0160/
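
Added example (not part of the original post, and not SBo or OpenSSL code): a sketch of the per-package check the message calls for, separating files that embed their own OpenSSL copy from files that only reference the shared library. The function names, the string heuristics and the sample tree are assumptions made for illustration; the affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1) is the one given in the OpenSSL advisory for CVE-2014-0160.

```python
import re
import tempfile
from pathlib import Path

# Banner OpenSSL compiles into itself, and the soname a dynamic consumer keeps.
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]?)(-beta\d+)?")
SONAME = re.compile(rb"lib(?:ssl|crypto)\.so")

def affected(base, letter, beta):
    """CVE-2014-0160 range: 1.0.1 through 1.0.1f, plus 1.0.2-beta1."""
    if base == b"1.0.1":
        return letter <= b"f"          # b"" (plain 1.0.1) sorts before b"a"
    return base == b"1.0.2" and beta == b"-beta1"

def classify(data):
    """Classify one file's bytes; every hit still needs a human look."""
    hits = set(BANNER.findall(data))   # findall yields b"" for unmatched groups
    if any(affected(*hit) for hit in hits):
        return "bundled-vulnerable"
    if hits:
        return "bundled-other-version"
    return "dynamic" if SONAME.search(data) else "no-openssl"

def scan_tree(root):
    """Map relative path -> status for each file that references OpenSSL."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            status = classify(path.read_bytes())
            if status != "no-openssl":
                report[path.relative_to(root).as_posix()] = status
    return report

def demo():
    """Scan a constructed tree; file names and contents are made up."""
    samples = {
        "opt/suite/libbundled.so": b"\x7fELF\x00OpenSSL 1.0.1e 11 Feb 2013\x00",
        "opt/suite/libfixed.so": b"\x7fELF\x00OpenSSL 1.0.1g 7 Apr 2014\x00",
        "usr/bin/client": b"\x7fELF\x00libssl.so.1.0.0\x00SSL_connect\x00",
        "usr/doc/README": b"plain text\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, blob in samples.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(blob)
        return scan_tree(root)
```

Pointing scan_tree at an unpacked package tree lists the files to review. A "bundled" result can also come from a program that merely records the header version it was built against, so it is a prompt for inspection, not a verdict.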



