Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Apr 2014 05:15:27 +0000
From: mancha <mancha1@...o.com>
To: oss-security@...ts.openwall.com
Subject: Re: Other instances of CVE-2014-0160 - mod_spdy from
 Google

On Tue, Apr 08, 2014 at 09:59:33PM -0600, Kurt Seifried wrote:
> So it appears there are projects that statically compile OpenSSL into
> their software, one example:
> 
> https://code.google.com/p/mod-spdy/
> 
> I have to assume there are more. So if you know of any please post
> them to OSS-Security (and Full-Disclosure) so people can find out (and
> hopefully all the security scanners/etc. add them to their checks).

Good point Kurt.

I would also add suites that don't statically link OpenSSL libs but
bundle their own copies (e.g. Tor Browser Bundle).

--mancha

[1] https://blog.torproject.org/blog/tor-browser-354-released

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ