- Garnet: Running Debian Sid, so affected by vulnerability; hastily downgraded to 5.4.5
- Amethyst: FreeBSD still ships 5.4.x
- Pearl: Obsolete and currently unused hardware, so Linux hasn’t been updated since October and OSX hasn’t been updated since 2009.
- Pearl-II: Void Linux still ships with 5.4.x, and the malware requires glibc anyway (I’m running musl); macOS partition still has 5.4.x (which is strange, given that I use
pkgsrc
, which shipped 5.6.x) - LapisLazuli: According to Mageia, everything’s fine
- Spinel: Running Raspbian Stable, which still ships 5.4.x
For me, it’s not a pleasure to inform you that all of my machines run Arch testing, including the server with port 22 open, and therefore had the backdoor for over a month. On the other hand, it should not have been compiled in actually, as it should only target Debian and RPM.