OpenSSL 1.0.1e-2+deb7u21 purports to have fixed CVE-2016-2107. However, an SSL Labs check of a site running this version still comes up with the issue: https://www.ssllabs.com/ssltest/analyze.html?viaform=on&d=www.k2dls.net So which is correct, is the issue is resolved in the referencee version and SSL Labs is wrong or does the issue still exist. Can anyone else independently evaluate and confirm?