Slightly OT but for those interested, I added the heartbleed utility (used by the heartbleed checker site) to the AUR: https://aur.archlinux.org/packages/heartbleed-git/ % heartbleed mediacru.sh:443 2014/04/08 17:53:57 mediacru.sh:443 - SAFE J. Leclanche On Tue, Apr 8, 2014 at 5:35 PM, Anatol Pomozov <anatol.pomozov@xxxxxxxxx> wrote: > Hi > > On Tue, Apr 8, 2014 at 9:29 AM, Pierre Schmitz <pierre@xxxxxxxxxxxx> wrote: >> Am 08.04.2014 17:29, schrieb Neal Oakey: >>> Hi, >>> >>> there is an Bug(1) in OpenSSL 1.0.1 and as far as I'm informed this has >>> only been patched in 1.0.1g. >>> Many other Distributions have build there own patch, what is with us? >>> Currently we have "1.0.1.f-2" which is effected as far as I can know. >>> >>> Greetings >>> Neal >>> >>> 1) (sry, German) >>> http://www.golem.de/news/sicherheitsluecke-keys-auslesen-mit-openssl-1404-105685.html >> >> I actually did push an updated package within 3 hours after the public >> announcement. I think that is pretty reasonable especially since we are >> not among the fortunate distros and companies that were notified >> beforehand. > > Is there any "secret security list" for distros where such issues are > discussed/notified before a vulnerable gets public attention? If there > is one then Arch should be added there as well.
