Yeah I could do just that. But. It begs the question, if they are this slow on this one security update, how many other security problems with other packages that I haven't looked into or that I'm not aware of?

So I guess it is still vulnerable, great, any idea when its going to get fixed?

How can I tell for my self which security updates have been applied to individual Raspbian packages? Usually individual software maintainers specify "upgrade to version x.y.z to fix vulnerability W" but it seems the fixes are kinda patched into older versions. I don't really care if its easy or not,...

This has been broken since Sept, when they just patched openssl1.0.0t instead of upgrading to the openssl1.0.0u version. If you manually compile openssl from source, it fixes the openvpn problem, but breaks so much other stuff in the OS that its almost not worth it.

1.0.1u has been out since Sept 22 2016, and the raspbian repos is still at 1.0.1t

http://archive.raspbian.org/raspbian/po ... _armhf.deb
https://www.openssl.org/source/openssl-1.0.1u.tar.gz

doing apt-get update and upgrade doesn't fix it.