[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 61934] Impact of CVE-2017-3737 on Apache HTTP Server


Eric Covener <covener@xxxxxxxxx> changed:

           What    |Removed                     |Added
                 OS|                            |All

--- Comment #1 from Eric Covener <covener@xxxxxxxxx> ---
mod_ssl seems to more closely match the 'safe' path w/ state/error checking in
the three places it does handshakes.  Either way, the only sane suggestion is
to use an unaffected openssl.

Presumably vendors are updating their openssl builds, not changing how they
call openssl.

Leaving in "NEW" in case someone wants to look more closely.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx