XnView Software

Hi, I'm not sure where to post this: Apparently the XnView 2.33 addons contain OpenSSL 1.0.0.15 libraries built in October, 2014. With a = 1, b = 2, etc. that corresponds to OpenSSL 1.0.0o (lower case O = 15). As of June, 2015 the recommended 1.0.0? version is 1.0.0s (s = 19). There are also 1.0.1? and 1.0.2? branches, but I can't tell what the difference is. Sooner or later software like Secunia PSI will scream havoc if it finds older OpenSSL libraries.

right i'll update it

xnview wrote:right i'll update it

Thanks, state of the art as of today is 1.0.1p There's no new 1.0.0? on their site, maybe 1.0.0s is not affected by this 1.0.1/1.0.2 bug.

Update, the actual versions as of May 3, 2016, are 1.0.2h or 1.0.1t, respectively. The 0.9.8 and 1.0.0 branches are dead, cf. OpenSSL Security Advisory [3rd May 2016].

XnView 2.36 apparently uses 1.0.2c ("1.0.2.3", June 2015). Oddly their May 2016 advisory talks about 1.0.2c, but I guess they mean 1.0.2h (that would be "1.0.2.8", May 2016).