It does not affect you, but it affected me.
I wanted to run the newest version of the Mumble server "murmur".
Easiest way to do this is to use the static binary. (At that time there was no warning on the release page yet.)
But of course this ran with an outdated OpenSSL.
I don't want to run a server with unpatched known security holes so I had to scrap that idea.
"Just update your version" is also not possible because the newest static build still contains old OpenSSL.
In the end I had to get the newest murmur package from Debian Unstable. It's fine, it works for me (TM), but then why did the static build exist at all?
They should just remove the outdated static binary build if they aren't going to fix it.
I don't want to run a server with unpatched known security holes so I had to scrap that idea.
"Just update your version" is also not possible because the newest static build still contains old OpenSSL.
In the end I had to get the newest murmur package from Debian Unstable. It's fine, it works for me (TM), but then why did the static build exist at all?
They should just remove the outdated static binary build if they aren't going to fix it.