From front page http://code.google.com/p/mod-spdy/ SECURITY UPDATE (8 Apr 2014): All mod_spdy users should upgrade to mod_spdy 0.9.4.2 immediately to fix the heartbleed bug in mod_spdy's linked version of OpenSSL. See issue 85 for details. Also, should this package still be masked? Why not move to unstable?
(In reply to Leho Kraav (:macmaN @lkraav) from comment #0) > From front page http://code.google.com/p/mod-spdy/ > > SECURITY UPDATE (8 Apr 2014): All mod_spdy users should upgrade to mod_spdy > 0.9.4.2 immediately to fix the heartbleed bug in mod_spdy's linked version > of OpenSSL. See issue 85 for details. It doesn't appear to install openssl libraries so how would this apply to a build from source?
That's a good question. I mainly copy pasted that to create some fake'ish urgency, but Gentoo people are too smart ;) More interested in the general bump thing and the unmasking.
should be all set now in the tree; thanks for the report! Commit message: Version bump http://sources.gentoo.org/www-apache/mod_spdy/mod_spdy-0.9.4.2.ebuild?rev=1.1