Comment Re:Test servers your self with PoC (Score 1) 301
I know my webservers are all good, because they're linking against openssl 0.9.8. I just managed to confirm that Debian Squeeze's stock OpenVPN package links to the 0.9.8 library as well, and isn't statically linked, so, so far as I understand the vulnerability, there's no chance I was compromised.
It does indeed pay, on occasion, to stick with older versions. I had actually been looking to upgrade my VPN gateways to Wheezy a few months ago, and am rather glad I didn't.