Date: Wed, 9 Apr 2014 05:15:27 +0000 From: mancha <mancha1@...o.com> To: oss-security@...ts.openwall.com Subject: Re: Other instances of CVE-2014-0160 - mod_spdy from Google On Tue, Apr 08, 2014 at 09:59:33PM -0600, Kurt Seifried wrote: > So it appears there are projects that statically compile OpenSSL into > their software, one example: > > https://code.google.com/p/mod-spdy/ > > I have to assume there are more. So if you know of any please post > them to OSS-Security (and Full-Disclosure) so people can find out (and > hopefully all the security scanners/etc. add them to their checks). Good point Kurt. I would also add suites that don't statically link OpenSSL libs but bundle their own copies (e.g. Tor Browser Bundle). --mancha  https://blog.torproject.org/blog/tor-browser-354-released [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ