oss-sec mailing list archives

Re: Other instances of CVE-2014-0160 - mod_spdy from Google

From: mancha <mancha1 () zoho com>
Date: Wed, 9 Apr 2014 05:15:27 +0000

On Tue, Apr 08, 2014 at 09:59:33PM -0600, Kurt Seifried wrote:

So it appears there are projects that statically compile OpenSSL into
their software, one example:

https://code.google.com/p/mod-spdy/

I have to assume there are more. So if you know of any please post
them to OSS-Security (and Full-Disclosure) so people can find out (and
hopefully all the security scanners/etc. add them to their checks).


Good point Kurt.

I would also add suites that don't statically link OpenSSL libs but
bundle their own copies (e.g. Tor Browser Bundle).

--mancha

[1] https://blog.torproject.org/blog/tor-browser-354-released

Attachment: _bin
Description:

Current thread:

Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)
  - Re: Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Arrigo Triulzi (Apr 09)
  - Re: Other instances of CVE-2014-0160 - mod_spdy from Google Vincent Danen (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Carlos Alberto Lopez Perez (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 13)