[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

** Changed in: nginx (Debian) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not

[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

** Changed in: nginx Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default

[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

** Changed in: nginx (Debian) Status: New = Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in

[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

** Changed in: nginx (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default

[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

Additional notes: Disabling HTTP-level compression by default is not a decent option to solving this. Mitigation is mostly on an application level, then, however there are third-party modules that can be included (in the Universe binaries) which would add length hiding as a potential mitigation

[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

** Bug watch added: Debian Bug tracker #773332 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332 ** Also affects: nginx (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332 Importance: Unknown Status: Unknown -- You received this bug notification because

[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

** Changed in: nginx Importance: Undecided = High ** Changed in: nginx Importance: High = Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security]

[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

** Changed in: nginx (Debian) Status: Unknown = New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default

[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration

** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-3587 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not