[Mod_gzip] any idea about security bugs reported on oreillynet.com

Jin Zhao mod_gzip@lists.over.net
Thu, 5 Jun 2003 13:01:26 -0500 

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C32B8C.3F10FE80
Content-Type: text/plain;
	charset="iso-8859-1"

Hi folks, 

Any idea about these security bugs reported in the following aritcle? 


http://linux.oreillynet.com/pub/a/linux/2003/06/04/insecurities.html 

The mentioned article suggestsed recompile mod_gzip to the 'normal' mode
instead of the 'debug' mode. After reading this, I looked at the Make file
of mod_gzip-1.3.26.1a, but found no targets specifically for 'debug' or
'normal'.  

My question about this issue is this: Should turning off mod_gzip logging
is enough to fix the problem? or must I remove mod_gzip_debug.c on
compiling? 

Thanks, 

Jin

------_=_NextPart_001_01C32B8C.3F10FE80
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD>

<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<TITLE>any idea about security bugs reported on oreillynet.com</TITLE>
</HEAD>
<BODY>

<P><B><FONT COLOR=3D"#0000FF" FACE=3D"Lucida Grande">Hi folks, =
</FONT></B></P>
<BR>

<P><B><FONT COLOR=3D"#0000FF" FACE=3D"Lucida Grande">Any idea about =
these security bugs reported in the following aritcle? </FONT></B></P>
<BR>
<BR>

<P><U><FONT COLOR=3D"#800080" =
FACE=3D"Geneva">http://linux.oreillynet.com/pub/a/linux/2003/06/04/insec=
urities.html </FONT></U></P>
<BR>

<P><U><FONT COLOR=3D"#800080" FACE=3D"Geneva">The mentioned article =
suggestsed recompile mod_gzip to the 'normal' mode instead of the =
'debug' mode. After reading this, I looked at the Make file of =
mod_gzip-1.3.26.1a, but found no targets specifically for 'debug' or =
'normal'.  </FONT></U></P>
<BR>

<P><U><FONT COLOR=3D"#800080" FACE=3D"Geneva">My question about this =
issue is this: Should turning off mod_gzip logging  is enough to fix =
the problem? or must I remove mod_gzip_debug.c on compiling? =
</FONT></U></P>
<BR>

<P><U><FONT COLOR=3D"#800080" FACE=3D"Geneva">Thanks, </FONT></U></P>
<BR>

<P><U><FONT COLOR=3D"#800080" =
FACE=3D"Geneva">Jin</FONT></U><U></U><U></U></P>

</BODY>
</HTML>
------_=_NextPart_001_01C32B8C.3F10FE80--