Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Jochen Spieker <ml@well-adjusted.de> wrote:
> Thinking about this … what I actually use is mod_spdy which is not
> linked against libssl. It probably has the same bug …
> Yes, here it is:
> https://code.google.com/p/mod-spdy/issues/detail?id=85
> | Note that just disabling the spdy module in Apache won't work, because
> | the SSL library itself is replaced. Easiest fix on Debian is to remove
> | the mod-spdy package from the system (for now).
And a fix has been comitted:
https://code.google.com/p/mod-spdy/issues/detail?id=85#c2
https://code.google.com/p/mod-spdy/source/detail?r=408
S°
--
Sigmentation fault. Core dumped.
Reply to: