Slightly OT but for those interested, I added the heartbleed utility (used by the heartbleed checker site) to the AUR: https://aur.archlinux.org/packages/heartbleed-git/ % heartbleed mediacru.sh:443 2014/04/08 17:53:57 mediacru.sh:443 - SAFE J. Leclanche On Tue, Apr 8, 2014 at 5:35 PM, Anatol Pomozov <anatol.pomozov@gmail.com> wrote:
Hi
On Tue, Apr 8, 2014 at 9:29 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
Am 08.04.2014 17:29, schrieb Neal Oakey:
Hi,
there is an Bug(1) in OpenSSL 1.0.1 and as far as I'm informed this has only been patched in 1.0.1g. Many other Distributions have build there own patch, what is with us? Currently we have "1.0.1.f-2" which is effected as far as I can know.
Greetings Neal
1) (sry, German) http://www.golem.de/news/sicherheitsluecke-keys-auslesen-mit-openssl-1404-10...
I actually did push an updated package within 3 hours after the public announcement. I think that is pretty reasonable especially since we are not among the fortunate distros and companies that were notified beforehand.
Is there any "secret security list" for distros where such issues are discussed/notified before a vulnerable gets public attention? If there is one then Arch should be added there as well.