I've just downloaded patch SUPEE-5344 and installed it, however the file name and applied.patches.list suggest it is SUPEE-5345, not 5344. OK this may be a typo in the code, perhaps, but checking my site with https://shoplift.byte.nl/scan still shows it still to be vulnerable.
How can I tell if this patch is the correct one and worked? Are there pre-requisites for this patch? (eg. 1533)
I'm running magento CE 1.7.0.2 and prior to this patch, none had been applied. Should I revert it and then get and apply ALL security patches available?
[later]
I reverted that original patch and applied 1533 then applied that patch again but still the test site shows it as vulnerable. File ownership was reset correctly and cache flushed (though I don't think that was necessary)
I note that the 1533 patch file is called PATCH_SUPEE-1533_EE_1.12.x_v1-2015-02-10-08-19-16.sh despite being downloaded for CE, not EE. Mind you, the patch list file suggests that 5344/5345 was for EE. How trustworthy are these patch files?
Best Answer
The file you installed is the correct file. The Patch is being collectively referred to as 5344, however the actual number of the patch appears to vary depending on which version of Magento you download it for. 1.7 is 5345, 1.6.1 is 5346, 1.6.x is 5341 etc.
I'm not sure why they did that for this patch, and yet keep the number consistent for 1533. Probably down to different employees with different opinions.
So long as you download the version matching your stores version, the patch appears in the app/etc/applied.patches file and you don't see any errors about the patch not applying when running, you should be good.