OpenSSL libraries not up-to-date

Ideas for improvements and requests for new features in XnView Classic

Moderators: XnTriq, helmut, xnview

Post Reply
User avatar
omniplex
Posts: 127
Joined: Thu Feb 10, 2011 1:52 pm
Location: Hamburg
Contact:

OpenSSL libraries not up-to-date

Post by omniplex »

Hi, I'm not sure where to post this: Apparently the XnView 2.33 addons contain OpenSSL 1.0.0.15 libraries built in October, 2014. With a = 1, b = 2, etc. that corresponds to OpenSSL 1.0.0o (lower case O = 15). As of June, 2015 the recommended 1.0.0? version is 1.0.0s (s = 19). There are also 1.0.1? and 1.0.2? branches, but I can't tell what the difference is. Sooner or later software like Secunia PSI will scream havoc if it finds older OpenSSL libraries.
User avatar
xnview
Author of XnView
Posts: 43444
Joined: Mon Oct 13, 2003 7:31 am
Location: France
Contact:

Re: OpenSSL

Post by xnview »

right i'll update it
Pierre.
User avatar
omniplex
Posts: 127
Joined: Thu Feb 10, 2011 1:52 pm
Location: Hamburg
Contact:

Re: OpenSSL

Post by omniplex »

xnview wrote:right i'll update it
Thanks, state of the art as of today is 1.0.1p :bugfixed: There's no new 1.0.0? on their site, maybe 1.0.0s is not affected by this 1.0.1/1.0.2 bug.
User avatar
omniplex
Posts: 127
Joined: Thu Feb 10, 2011 1:52 pm
Location: Hamburg
Contact:

Re: OpenSSL

Post by omniplex »

Update, the actual versions as of May 3, 2016, are 1.0.2h or 1.0.1t, respectively. The 0.9.8 and 1.0.0 branches are dead, cf. OpenSSL Security Advisory [3rd May 2016].

XnView 2.36 apparently uses 1.0.2c ("1.0.2.3", June 2015). Oddly their May 2016 advisory talks about 1.0.2c, but I guess they mean 1.0.2h (that would be "1.0.2.8", May 2016).
Post Reply