oss-sec mailing list archives
Re: Other instances of CVE-2014-0160 - mod_spdy from Google
From: mancha <mancha1 () zoho com>
Date: Wed, 9 Apr 2014 05:15:27 +0000
On Tue, Apr 08, 2014 at 09:59:33PM -0600, Kurt Seifried wrote:
So it appears there are projects that statically compile OpenSSL into their software, one example: https://code.google.com/p/mod-spdy/ I have to assume there are more. So if you know of any please post them to OSS-Security (and Full-Disclosure) so people can find out (and hopefully all the security scanners/etc. add them to their checks).
Good point Kurt. I would also add suites that don't statically link OpenSSL libs but bundle their own copies (e.g. Tor Browser Bundle). --mancha [1] https://blog.torproject.org/blog/tor-browser-354-released
Attachment:
_bin
Description:
Current thread:
- Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Arrigo Triulzi (Apr 09)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Vincent Danen (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Carlos Alberto Lopez Perez (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 13)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)