On Mon, Mar 11, 2002 at 08:28:11PM -0500, Jeff Trawick wrote: > "Ryan Bloom" <[EMAIL PROTECTED]> writes: > > > We should probably do something about this, but I'm not sure what. > > I thought the zlib vulnerability was in the decompress path. > mod_deflate doesn't decompress.
Yup. Adler mentioned here on-list that there was a memory leak when using the decompression routines. I'm wondering if that has something to do with this vulnerability. But, yes, I'd say mod_deflate wouldn't be affected unless/until we add input-filtering support. (I think SVN might like this at some point.) -- justin
