[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration
** Changed in: nginx (Debian) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default configuration To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1403283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration
** Changed in: nginx Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default configuration To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1403283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration
** Changed in: nginx (Debian) Status: New = Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default configuration To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1403283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration
** Changed in: nginx (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default configuration To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1403283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration
Additional notes: Disabling HTTP-level compression by default is not a decent option to solving this. Mitigation is mostly on an application level, then, however there are third-party modules that can be included (in the Universe binaries) which would add length hiding as a potential mitigation method. A more detailed description on this whole issue can be found here on my blog, describing what BREACH is and possible mitigation methods. It also provides three possible mitigation methods, one which can be done already by default, one which can be done at application levels, and one which can be done with a separate module. http://dark-net.net/?p=49 is the blog post. (aggregated on planet.ubuntu.com) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default configuration To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1403283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration
** Bug watch added: Debian Bug tracker #773332 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332 ** Also affects: nginx (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default configuration To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1403283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration
** Changed in: nginx Importance: Undecided = High ** Changed in: nginx Importance: High = Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default configuration To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1403283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration
** Changed in: nginx (Debian) Status: Unknown = New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default configuration To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1403283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1403283] Re: [Security] BREACH vulnerability is not mitigated in default configuration
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-3587 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1403283 Title: [Security] BREACH vulnerability is not mitigated in default configuration To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1403283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs