[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-modgzip
Subject: Re: [Mod_gzip] zlib security hole
From: Tomaz Borstnar <tomaz.borstnar () over ! net>
Date: 2002-03-14 10:15:47
[Download RAW message or body]
At 22:32 11.3.2002, Paonia Ezrine wrote the following message:
>It looks like mod_gzip is vulnerable to the zlib security hole it
>also looks like it includes the code as opposed to linking to it are both
>these thing correct? If so when can we expect a patch and is a workaround
>available.
1. The reported 'security hole' in ZLIB has NOTHING to
do with mod_gzip and does not affect mod_gzip in any
way. People 'in the know' about compression have known
about this potential 'malloc' problem in ZLIB for 3 years
now and it ONLY applies to 'decompression' and not
'compression'. mod_gzip doesn't decompress anything
and besides... mod_gzip does NOT use ZLIB at all
so there is NOTHING to worry about. mod_gzip is 'safe'.
----
Tomaz Borstnar <tomaz.borstnar@over.net>
"Love is the answer to the final question you ask" - Unknown
_______________________________________________
mod_gzip mailing list
mod_gzip@lists.over.net
http://lists.over.net/mailman/listinfo/mod_gzip
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic