Nope, Debian did not change the version number when fixing the bug :(

author: Xavier Roche <xroche@users.noreply.github.com> 2014-04-10 16:51:40 +0000
committer: Xavier Roche <xroche@users.noreply.github.com> 2014-04-10 16:51:40 +0000
commit: c7b0023dd7fb100713851eef338a89c2c773375e (patch)
tree: bbffd70fe8926fa20d0f10a1a5f8e83b9c01a9a9 /src
parent: 70a44456fb484971228556c91a894a12b9e097a1 (diff)
1 files changed, 4 insertions, 8 deletions
diff --git a/src/htslib.c b/src/htslib.c
index 81a769e..e3be90f 100644
--- a/src/htslib.c
+++ b/src/htslib.c
@@ -5081,21 +5081,17 @@ HTSEXT_API const char* hts_version(void) {
 }
 
 static int ssl_vulnerable(const char *version) {
+#ifdef _WIN32
   static const char *const match = "OpenSSL 1.0.1";
   const size_t match_len = strlen(match);
   if (version != NULL && strncmp(version, match, match_len) == 0) {
     // CVE-2014-0160
     // "OpenSSL 1.0.1g 7 Apr 2014"
     const char minor = version[match_len];
-    return minor == ' ' 
-      || (
-        ( minor >= 'a' && minor <= 'f' )
-        // do not choke on Debian flavors, for example
-        && version[match_len + 1] == ' '
-      );
-  } else {
-    return 0;
+    return minor == ' ' || ( minor >= 'a' && minor <= 'f' );
   }
+#endif
+  return 0;
 }
 
 static int hts_init_ok = 0;
author	Xavier Roche <xroche@users.noreply.github.com>	2014-04-10 16:51:40 +0000
committer	Xavier Roche <xroche@users.noreply.github.com>	2014-04-10 16:51:40 +0000
commit	c7b0023dd7fb100713851eef338a89c2c773375e (patch)
tree	bbffd70fe8926fa20d0f10a1a5f8e83b9c01a9a9 /src
parent	70a44456fb484971228556c91a894a12b9e097a1 (diff)