When you ship OpenSSL DLLs, you should provide an update mechanism outside of your regular product cycle that updates these shortly after vulnerabilities are fixed.
Few if any products do that. So I made an overview of the products and OpenSSL DLL versions I had installed on various systems.
I’m a developer, so the list is biased towards tools I use often.
All of them are vulnerable: [WayBack] https://www.openssl.org/news/vulnerabilities.html
- 1.0.2.h by ContinuaCI 1.8.1.185 PostgreSQL and Avast 12.3
- 1.0.2.g by SourceTree 1.9.x embedded git_local
- 1.0.2d by Git for Windows 2.6.1
- 1.0.2a by SQLite browser 3.7.0
- 1.0.1m by Delphi 10.0 Seattle
- 1.0.1l by Ruby 2.3
- 1.0.1f by SlikSvn 1.8.5
- 1.0.1g by Delphi XE8, Delphi XE7, VMware Workstation OVF tool and Adobe Creative Cloud 2.8.1
- 1.0.0g by Delphi XE6, Delphi XE5, Delphi XE4, Delphi XE3, Appmethod 1.13 and CollabNet SVN Client 1.7.5
- 1.00d by MarkdownPad 2
- 1.0.0 by FinalBuilder 7 XE2 and FinalBuilder 7 EE
- 0.9.8za by VMware Remote Console Plug-in 5.1 and VMware Virtual Infrastructure Client 5.1
- 0.9.8y by VMware VIX Workstation 10
- 0.9.8t by Veeam Backup and Replication
- 0.9.8r by ContinuaCI 1.8.1.185 hg support, VMware VIX and VMware Workstation 8.0.2
- 0.9.8q by Veeam Backup Transport, Veeam Backup and Replication, xampp 1.7.4 and VMware Virtual Infrastructure Client 5.0
- 0.9.8o by xampp 1.7.4
- 0.9.8l by xampp 1.7.4
- 0.9.8n by Delphi XE2, Delphi XE and VMware VIX Workstation 7.1.0
- 0.9.8m by VMware VMRC Plug-in, VMware VIX and VMware Workstation 8.0.2
- 0.9.8i by VMware Virtual Infrastructure Client 4.1
- 0.9.8d by Database Workbench Pro 4.4.3, Database Workbench Pro 5.2.4 and VMware vSphere CLI Perl
- 0.9.8b by Adobe Creative Suite 5
- 0.9.7m by VMware VIX server 1.0.9
- 0.9.7l by VMware VIX VIServer 2
- N/A by Adobe Creative Suite 5 and VMware VIX server 1
–jeroen
via: [WayBack] Does Delphi installer install OpenSSL dll’s?
PS: Below are some Software Archeology related links in the comments.
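
One way to build an overview like the list above, as an added example that is not from the original post: a Python script that walks a directory tree, finds OpenSSL DLLs by file name and reads the version banner compiled into each one. The file-name patterns (`libeay32.dll`, `ssleay32.dll`, `libcrypto*.dll`, `libssl*.dll`) and all function names are assumptions of this example; renamed or statically linked copies will not be found.

```python
import os
import re
from collections import defaultdict

# File names OpenSSL builds commonly use on Windows
# (assumption of this example: the vendor did not rename them).
DLL_NAME = re.compile(r"^(libeay32|ssleay32|libcrypto.*|libssl.*)\.dll$", re.IGNORECASE)
# Version banner compiled into the library, e.g. b"OpenSSL 1.0.1g 7 Apr 2014".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]{0,2})(?:-fips)? +\d{1,2} [A-Z][a-z]{2} \d{4}")


def embedded_version(path):
    """Return the OpenSSL version string found in the file, or None."""
    try:
        with open(path, "rb") as fh:
            match = BANNER.search(fh.read())
    except OSError:  # unreadable or locked file
        return None
    return match.group(1).decode("ascii") if match else None


def sort_key(version):
    """Order versions so that 0.9.8y < 0.9.8za < 1.0.0 < 1.0.1g."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        return (-1, -1, -1, "")  # "unknown" sorts last in a newest-first report
    return (int(m[1]), int(m[2]), int(m[3]), m[4])


def inventory(root):
    """Map each embedded version (newest first) to the DLL paths carrying it."""
    found = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if DLL_NAME.match(name):
                path = os.path.join(folder, name)
                found[embedded_version(path) or "unknown"].append(path)
    return {v: sorted(found[v]) for v in sorted(found, key=sort_key, reverse=True)}


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for version, paths in inventory(root).items():
        for path in paths:
            print(f"{version}\t{path}")
```

Run it against a program directory and compare each reported version with the fixed releases listed on the OpenSSL vulnerabilities page linked above.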