None of the Linux distros I’ve looked at have included the fix, yet, either. It might be a while…
Don’t know how you came to that conclusion.
Experts check at http://www.debian.org/security/2014/dsa-2896 and find there:
Yeah, for debian distros…
I haven’t checked ALL distros, but the four I run (as of last night) still had not updated the distros.
But when I checked this morning, Ubuntu now has 1.0.1e-3ubuntu1.2 – which is patched.
However, apt.get upgrade in MyCloud bricks the box due to the well known mess WD left there!!
Well, that’s pretty strange approach to upgrading a single package…
The correct way to do the upgrade:
CloudNAS:~# apt-get --only-upgrade install openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
openssl is already the newest version.
That shows that openssl is still the latest version available – the distro for arch armv71 still does not have a patched openssl package.
The WD is looking in packages at:
CloudNAS:~# cat /etc/apt/sources.list
deb http://ftp.us.debian.org/debian/ wheezy main
… the version is still 1.0.1e-2
So clue me in… why does Debian package list not include the update?