On Tue, May 21, 2019 at 10:23:22AM +0200, Christian Folini wrote:
> > And the CVE description
> > explicitly refers to ModSecurity, so if those reports are not correct, the
> > CVE IDs should be rejected as MITRE.
>
> Yes. Our plan is to bring out a fix and then get in touch and have 4 of the 5
> CVEs rejected. Unfortunately, the fix is far more complicated than we had
> hoped for. But we have a pull request now, so this is getting closer.
Ack, sounds good. If those get rejected, the Security Tracker will pick
it up from the MITRE feed.
Cheers,
Moritz
