[Bug 1178090] [NEW] Existing header not overwritten when using the 'always' condition with Header set

2013-05-08 Thread Reed Loden
Public bug reported: I have an application that sets some headers, but I also have Apache setting them as well to handle some special cases. I'm using the mod_headers syntax of 'Header always set X-Foo "bar"'. I specifically use the 'always' condition table, as I want to include these headers on n

[Bug 1068854] Re: Support option to disable TLS compression to protect against CRIME attack

2012-11-08 Thread Reed Loden
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2687 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1068854 Title: Support option to disable TLS compression

[Bug 1068854] Re: Support option to disable TLS compression to protect against CRIME attack

2012-11-02 Thread Reed Loden
Virendra, as far as I know, this isn't in any released Apache version. ** Changed in: apache2 (Ubuntu) Status: Fix Released => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.n

[Bug 1068854] Re: Support option to disable TLS compression to protect against CRIME attack

2012-10-31 Thread Reed Loden
Debian just released apache2 v2.2.22-12 to address this issue. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1068854 Title: Support option to disable TLS compression to protect aga

[Bug 1068854] Re: Support option to disable TLS compression to protect against CRIME attack

2012-10-19 Thread Reed Loden
Note that Red Hat already supports a workaround [0] that allows for disabling zlib at the OpenSSL layer, which prevents TLS compression working in Apache. As far as I am aware, no such option exists for Ubuntu, leaving users vulnerable until a new package is available. [0] https://bugzilla.redhat.

[Bug 1068854] [NEW] Support option to disable TLS compression to protect against CRIME attack

2012-10-19 Thread Reed Loden
Public bug reported: Upstream Apache recently committed a change to be in Apache 2.2.24 (not yet released) that would allow for disabling TLS compression to protect against the CRIME attack. As it's probably going to be a way before 2.2.24 is released, it would be great to backport this patch as a

[Bug 943502] Re: whois doesn't properly query .hr/.sx/.pe TLDs and incorrect format for whois.arin.net

2012-03-05 Thread Reed Loden
whois 5.0.15 was just released with fixes for two other TLDs (including .pe, which wasn't correctly fixed in 5.0.14). Would be nice to pick those fixes up as well. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to whois in Ubuntu. https:/