On Tue, May 21, 2019 at 10:23:22AM +0200, Christian Folini wrote:
> > And the CVE description
> > explicitly refers to ModSecurity, so if those reports are not correct, the
> > CVE IDs should be rejected as MITRE.
> 
> Yes. Our plan is to bring out a fix and then get in touch and have 4 of the 5
> CVEs rejected. Unfortunately, the fix is far more complicated than we had
> hoped for. But we have a pull request now, so this is getting closer.

Ack, sounds good. If those get rejected, the Security Tracker will pick
it up from the MITRE feed.

Cheers,
        Moritz

Reply via email to