oss-sec mailing list archives
Re: Other instances of CVE-2014-0160 - mod_spdy from Google
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 08 Apr 2014 21:44:45 -0700
On 04/ 8/14 08:59 PM, Kurt Seifried wrote:
So it appears there are projects that statically compile OpenSSL into their software, one example: https://code.google.com/p/mod-spdy/
https://www.stunnel.org/sdf_ChangeLog.html lists: Version 5.01, 2014.04.08, urgency: HIGH: Security bugfixes OpenSSL DLLs updated to version 1.0.1g. This version mitigates TLS heartbeat read overrun (CVE-2014-0160). but that appears be only for the precompiled Windows binaries they offer for download, as it doesn't contain a copy of OpenSSL in the source tarballs for Linux/UNIX distros, but instead searches for one in configure.ac. -- -Alan Coopersmith- alan.coopersmith () oracle com Oracle Solaris Engineering - http://blogs.oracle.com/alanc
Current thread:
- Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Arrigo Triulzi (Apr 09)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Vincent Danen (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Carlos Alberto Lopez Perez (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 13)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)