httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <jerenkra...@ebuilt.com>
Subject Re: FW: zlib vulnerability
Date Tue, 12 Mar 2002 08:14:14 GMT
On Mon, Mar 11, 2002 at 08:28:11PM -0500, Jeff Trawick wrote:
> "Ryan Bloom" <rbb@covalent.net> writes:
> 
> > We should probably do something about this, but I'm not sure what.
> 
> I thought the zlib vulnerability was in the decompress path.
> mod_deflate doesn't decompress.

Yup.  Adler mentioned here on-list that there was a memory leak
when using the decompression routines.  I'm wondering if that has
something to do with this vulnerability.  

But, yes, I'd say mod_deflate wouldn't be affected unless/until
we add input-filtering support.  (I think SVN might like this
at some point.)  -- justin


Mime
View raw message