[packman] PMBS vulnerable to Heartbleed
guido+links2linux.de at berhoerster.name
Tue Apr 15 10:26:40 CEST 2014
* Stefan Botter <jsj at jsj.dyndns.org> [2014-04-15 08:38]:
> If you are uncomfortable with still running on the vulnerable PMBS, I
> can shut it down until the update is finished.
It is currently being actively exploited and Packamn is a visible
and valuable target, so IMO something needs to be done ASAP.
Instead of shutting it down, how about just rebuilding the OpenSSL
package from 12.2 with -DOPENSSL_NO_HEARTBEATS and using that for
the time being?
More information about the Packman