Windows was updated yesterday: http://boinc.berkeley.edu/gitweb/?p=boinc_depends_win_vs2010.git;a=summa ry
On Linux we utilize whatever version of OpenSSL is maintained by the distro. Since the client doesn't use SSL in a server-role it doesn't need to be backported to older branches. ----- Rom -----Original Message----- From: boinc_dev [mailto:[email protected]] On Behalf Of Oliver Bock Sent: Tuesday, April 15, 2014 8:21 AM To: TarotApprentice Cc: [email protected] Subject: Re: [boinc_dev] Heartbleed bug with OpenSSL On 15/04/14 13:56 , TarotApprentice wrote: > Apart from all the hype I presume BOINC will need to come bundled with > a patched OpenSSL and the projects need to update to a later version > incorporating a patched OpenSSL. Any advice from the BOINC developers? Charlie already updated OpenSSL bundled with the OSX client. Updates for the Windows and Linux clients should hopefully be in the pipeline (if affected). Projects need to check which OpenSSL version is installed on their servers. Many, like Einstein@Home, should still be running 0.98 which isn't affected. If you run any of the affected versions, update/upgrade to 1.0.1g or equivalent (Debian for instance ships a patched version of 1.0.1f for wheezy). If you used an affected version you should get a new SSL certificate (key) as you should consider it as being compromised. Unfortunately, that means all previous encrypted data transfers should also be considered compromised which in turn means your volunteers should be notified to change their passwords, obviously after you renewed your certificate keys. HTH, Oliver _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
