Hello,
Can we get this #689936 issue fixed also in stable with DSA, thanks?
- Henri Salo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Currently Debian stable systems are failing PCI compliance scans due to
not being able to disable SSL compression and therefore vulnerable to
CRIME attacks.
So it would be really nice to get this patch applied.
--
Mike
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
wit
Source: root-system
Severity: important
Tags: security
Hi folks,
AFAICS, Debian’s Apache2.2 is still vulnerable to CRIME.
Well, AFAIK, CRIME is thought to be fixed on the browser sides, by them
simply not using compression with TLS.
While this helps in many cases, IMHO it's not enough and I'd r
3 matches
Mail list logo
