oss-sec mailing list archives
Other instances of CVE-2014-0160 - mod_spdy from Google
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 08 Apr 2014 21:59:33 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So it appears there are projects that statically compile OpenSSL into their software, one example: https://code.google.com/p/mod-spdy/ SECURITY UPDATE (8 Apr 2014): All mod_spdy users should upgrade to mod_spdy 0.9.4.2 immediately to fix the heartbleed bug in mod_spdy's linked version of OpenSSL. See https://code.google.com/p/mod-spdy/issues/detail?id=85 for details. ./src/build_modssl_with_npn.sh:OPENSSL_SRC_TGZ_URL="https://www.openssl.org/source/openssl-1.0.1g.tar.gz" I have to assume there are more. So if you know of any please post them to OSS-Security (and Full-Disclosure) so people can find out (and hopefully all the security scanners/etc. add them to their checks). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTRMWkAAoJEBYNRVNeJnmTHeYP/2YybedrcK44gVPbufMylfX5 Z7pFPssxxTOC7yhiYC3u5GrTT3HOPXSt6AGKBPLPF/ZE+XZZVHXU9L2Xjhj/2f+y 5UICiVDQRmeSwV3E0bA87nw/TB9ofA5yVy5xmJLwBpHi9sH5BNC0Kh/8rDNGBv0b j9+MkPYHDMgHr+GoXKS9UbGP+GXcbOy3zY+/HJwKgZe1TGK4u3nm2Vb6gNAkebjy W8AWGhAsH5AV2RxZGLYV8UZPKWEi4qSbABNR75slMhEucr3dwyJswPdOkppbi9Sh VBEOHM69VWANKFKYB0bxrEcOqch5V1LYJZY/tlkJdZj43YyJAB6Jmz4xDQ3UvZyU /lVpkU/k3OHksSKa0Xx85YJIyhGMs2NTKJBg6hN0TJrXn84/MgQlVRQp1GfiW9sy g83IMzkmCznP1uIEv5vHrIP9Nq2IcefoCS1PTNNm36g2hJXEECcI+EaCt214fHcd XyUdqQM9q60BSSfPSwxrcz4HtL9CceOqGaBSPEuST7BRh4TqpxvULDFKPL4friEM GvsoNvj33bc1aBBQcFi7R9SfUFSIHcMAo293oMTXctuDi1HPQ8+vIuD5InWEQ4u7 /ZY0ukrlvKJiIW6wTrsRdkANAPl8j1fhQz8cFjeKA/m2Yq/yUKmqQKs4xy9CEFsy PBrE3ZVLzBOiIS9idhXn =hQHV -----END PGP SIGNATURE-----
Current thread:
- Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Arrigo Triulzi (Apr 09)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Vincent Danen (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Carlos Alberto Lopez Perez (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 13)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)