Le 26/11/2021 à 14:31, Holger Mickler a écrit : > Dear apache maintainers, > > as far as I can see in the changelog of apache2 in bullseye > (https://packages.debian.org/bullseye/apache2) > -> > https://metadata.ftp-master.debian.org/changelogs//main/a/apache2/apache2_2.4.48-3.1+deb11u1_changelog > > the latest version is as of Thu, 12 Aug 2021 13:51:47 +0200 and there is > no patch for the above mentioned CVE yet? > > As buster has it already - can you please provide the patch for > bullseye, too? > > Thanks and sorry if I overlooked sth. > Holger
Hi, Apache2 in Bullseye follows upstream changes, so no need to produce a patch. See https://security-tracker.debian.org/tracker/CVE-2021-40438 Cheers, Yadd