Hello for your information, our sites now have the patched version of openssl and are not affected by heartbleed anymore.( http://heartbleed.com/ )
The patch have been applied tuesday (it was not complicated, just an update from repos), but my mistake, by habit I did a graceful restart of nginx, I should have done a full restart. Then, it did not take in account the openssl patch, so I think it's fair to warn you that only few hours ago, I realized my mistake and did a full restart, which left our website two days with this know vulnerability. I don't think we are a real target of hackers, but it's fair to warn you about this: maybe you would consider changing your openmandriva webservices passwords, mainly if it's the same used for other services (which is of course a bad practise :) Raphaël
