Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 08 Apr 2014 21:44:45 -0700
From: Alan Coopersmith <>
CC: Kurt Seifried <>
Subject: Re: Other instances of CVE-2014-0160 - mod_spdy from

On 04/ 8/14 08:59 PM, Kurt Seifried wrote:
> So it appears there are projects that statically compile OpenSSL into
> their software, one example:
> lists:

   Version 5.01, 2014.04.08, urgency: HIGH:
     Security bugfixes
         OpenSSL DLLs updated to version 1.0.1g. This version mitigates
         TLS heartbeat read overrun (CVE-2014-0160).

but that appears be only for the precompiled Windows binaries they offer for
download, as it doesn't contain a copy of OpenSSL in the source tarballs for
Linux/UNIX distros, but instead searches for one in

	-Alan Coopersmith-    
	 Oracle Solaris Engineering -

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.