Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 08 Apr 2014 21:44:45 -0700
From: Alan Coopersmith <>
CC: Kurt Seifried <>
Subject: Re: Other instances of CVE-2014-0160 - mod_spdy from

On 04/ 8/14 08:59 PM, Kurt Seifried wrote:
> So it appears there are projects that statically compile OpenSSL into
> their software, one example:
> lists:

   Version 5.01, 2014.04.08, urgency: HIGH:
     Security bugfixes
         OpenSSL DLLs updated to version 1.0.1g. This version mitigates
         TLS heartbeat read overrun (CVE-2014-0160).

but that appears be only for the precompiled Windows binaries they offer for
download, as it doesn't contain a copy of OpenSSL in the source tarballs for
Linux/UNIX distros, but instead searches for one in

	-Alan Coopersmith-    
	 Oracle Solaris Engineering -

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ