Public bug reported:
I have an application that sets some headers, but I also have Apache
setting them as well to handle some special cases. I'm using the
mod_headers syntax of 'Header always set X-Foo "bar"'. I specifically
use the 'always' condition table, as I want to include these headers on
n
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2687
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression
Virendra, as far as I know, this isn't in any released Apache version.
** Changed in: apache2 (Ubuntu)
Status: Fix Released => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.n
Debian just released apache2 v2.2.22-12 to address this issue.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression to protect aga
Note that Red Hat already supports a workaround [0] that allows for
disabling zlib at the OpenSSL layer, which prevents TLS compression
working in Apache. As far as I am aware, no such option exists for
Ubuntu, leaving users vulnerable until a new package is available.
[0] https://bugzilla.redhat.
Public bug reported:
Upstream Apache recently committed a change to be in Apache 2.2.24 (not
yet released) that would allow for disabling TLS compression to protect
against the CRIME attack. As it's probably going to be a way before
2.2.24 is released, it would be great to backport this patch as a
whois 5.0.15 was just released with fixes for two other TLDs (including
.pe, which wasn't correctly fixed in 5.0.14). Would be nice to pick
those fixes up as well.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to whois in Ubuntu.
https:/