[sylpheed:36053] Re: HeartBleed vulnerable?

Hiroyuki Yamamoto hiro-y at kcn.ne.jp
Tue Apr 22 10:29:41 JST 2014


Hello,

On Mon, 21 Apr 2014 23:07:01 +0200
Javier <meresponde2001-sylpheed at yahoo.es> wrote:

> A simple question, is Sylpheed HeartBleed vulnerable with the current
> release 3.4.1?
> 
> I didn't thought of it because servers usually don't send keep-alive
> to clients, but I read the the HeartBeat can be bidirectional (for me
> is nonsense) so, that's because I ask, and viewing some applications
> out there with the HeartBeat responses implemented in clients...
> better to clear the doubt.

Since 3.4.1 (win32) includes OpenSSL 0.9.8y (latest 0.9.8 branch release),
Sylpehed 3.4.1 (win32) is NOT vulnerable to Heartbleed.
(only OpenSSL 1.0.1 - 1.0.1f are vulnerable)

For other OSes, it depends on the installed version of OpenSSL.

-- 
Hiroyuki Yamamoto <hiro-y at kcn.ne.jp>


More information about the Sylpheed mailing list