Date: Fri, 11 Apr 2014 12:01:47 -0600 From: "Vincent Danen" <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Other instances of CVE-2014-0160 - mod_spdy from Google On 04/09/2014, at 0:00 AM, Arrigo Triulzi wrote: > On Apr 9, 2014, at 05:59, Kurt Seifried <kseifried@...hat.com> wrote: >> So it appears there are projects that statically compile OpenSSL into >> their software, one example: > > Note that OpenVPN has also advertised on Twitter that they too have released a new version with a patch for Heartbleed. Most architectures ship with OpenVPN dynamically linked but they do distribute with their own private copy. LibreOffice as well, but only if you get their binaries apparently: http://www.libreoffice.org/about-us/security/advisories/cve-2014-0160/ -- Vincent Danen / Red Hat Security Response Team [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ