Hi Francesco, * Francesco Poli <frx@firenze.linux.it> [2008-05-18 12:34]: > I don't understand which vulnerabilities is DTSA-131-1 supposed to fix. > The tracker page [1] does not mention any CVE or bug. > The svn repository file data/DTSA/list does not either. That's because there is not yet a CVE id for this issue. This update fixes a denial of service vulnerability if apache is used with mod_ssl and zlib compression. You can find the corresponding upstream bug report on: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975 > [1] http://security-tracker.debian.net/tracker/DTSA-131-1 > > BTW, I've noticed a typo in the repository file data/DTSA/list: > it seems that the date of DTSA-132-1 has the wrong year (2007 rather > than 2008)... Thanks, already fixed. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpZNJo1O1avN.pgp
Description: PGP signature