On Tue, May 21, 2019 at 10:23:22AM +0200, Christian Folini wrote: > > And the CVE description > > explicitly refers to ModSecurity, so if those reports are not correct, the > > CVE IDs should be rejected as MITRE. > > Yes. Our plan is to bring out a fix and then get in touch and have 4 of the 5 > CVEs rejected. Unfortunately, the fix is far more complicated than we had > hoped for. But we have a pull request now, so this is getting closer.
Ack, sounds good. If those get rejected, the Security Tracker will pick it up from the MITRE feed. Cheers, Moritz