android openssl unzip chromium-embedded crosswalk-runtime

How to check the version of OpenSSL in Crosswalk for Android on Windows


I'm developing an app with Android Crosswalk.

A few days ago, an alert e-mail arrived from Google Play about an OpenSSL security issue.

The method for verifying the OpenSSL version was written in the e-mail.

The vulnerabilities were addressed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL""). For more information about the vulnerability, please consult http://www.openssl.org/news/secadv_20140605.txt.

But when unzip is run on Windows, an error occurs ("strings" is an invalid command).

Crosswalk's current version is 9.38.208.10. How can I verify OpenSSL is safe?


Solution

  • Crosswalk is running an older version of OpenSSL. I work at Intel (on a different team) and we are aware of the issue and raising it with the Crosswalk team.

    OpenSSL default user interface
    OpenSSL 1.0.1e 11 Feb 2013
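
The check from the e-mail can be run on Windows without `unzip` or `strings`. The script below is an added example, not part of the original question or answer. It assumes Python 3 is installed. The function names are illustrative, and the fixed-version thresholds are the ones quoted from the e-mail.

```python
import re
import sys
import zipfile

# Version banner compiled into OpenSSL, e.g. b"OpenSSL 1.0.1e 11 Feb 2013".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*) +\d{1,2} [A-Z][a-z]{2} \d{4}")

# First fixed release on each branch, taken from the e-mail quoted in the question.
FIXED = {(1, 0, 1): "h", (1, 0, 0): "m", (0, 9, 8): "za"}


def letter_rank(suffix):
    # Patch letters run a..z, then za, zb, ...: compare by length, then text.
    return (len(suffix), suffix)


def is_patched(version):
    """True/False for the three branches in the e-mail, None for any other."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        return None
    branch = tuple(int(part) for part in m.group(1, 2, 3))
    if branch not in FIXED:
        return None
    return letter_rank(m.group(4)) >= letter_rank(FIXED[branch])


def scan_apk(apk):
    """Return {entry name: [OpenSSL versions]} for entries holding a banner."""
    found = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            versions = {v.decode() for v in BANNER.findall(zf.read(name))}
            if versions:
                found[name] = sorted(versions)
    return found


if __name__ == "__main__":
    labels = {True: "patched", False: "VULNERABLE", None: "branch not in e-mail"}
    for entry, versions in scan_apk(sys.argv[1]).items():
        for version in versions:
            print(f"{entry}: OpenSSL {version} -> {labels[is_patched(version)]}")
```

Run it as `python check_openssl.py YourApp.apk` (the script file name is arbitrary). Each line of output names the archive entry, usually a native library under `lib/`, that carries the banner.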