Re: Apache2 Vulnerability

2023-09-15 Thread Matthew Ruffell
Hi Daniel, The two CVEs you mention, CVE-2023-27522 and CVE-2023-25690, have already been addressed in Ubuntu, and have been since March. https://ubuntu.com/security/CVE-2023-27522 https://ubuntu.com/security/CVE-2023-25690 For 22.04, these were both fixed in apache2 2.4.52-1ubuntu4.4:

Re: Apache2 Vulnerability

2023-09-14 Thread Alex Murray
Hi Daniel, In Ubuntu we generally do not upgrade to new package versions to fix security issues but instead backport the individual fixes. As such, you should not expect to see, say, Apache 2.4.56 in Ubuntu 23.04. Instead we just add the minimal change needed to fix the vulnerability on top of the

Apache2 Vulnerability

2023-09-14 Thread Daniel Johnston
Hello, I was wondering when you plan to upgrade Apache from 2.4.55 to at least 2.4.56 to address the vulnerabilities with Apache? We have been checking weekly for a number of months now. Changes with Apache 2.4.56 *) SECURITY: CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP