Well, of course 2 days since the alert, of course, this vulnerability exists since two years, so anyway you may think about globally changing your passwords over the web :)
2014-04-10 10:53 GMT+02:00 Raphaël Jadot <r...@hodo.fr>: > Hello > > for your information, our sites now have the patched version of openssl > and are not affected by heartbleed anymore.( http://heartbleed.com/ ) > > The patch have been applied tuesday (it was not complicated, just an > update from repos), but my mistake, by habit I did a graceful restart of > nginx, I should have done a full restart. > > Then, it did not take in account the openssl patch, so I think it's fair > to warn you that only few hours ago, I realized my mistake and did a full > restart, which left our website two days with this know vulnerability. > > I don't think we are a real target of hackers, but it's fair to warn you > about this: maybe you would consider changing your openmandriva webservices > passwords, mainly if it's the same used for other services (which is of > course a bad practise :) > > Raphaël >