Control: tags -1 + confirmed On Sat, 2020-09-26 at 22:38 -0400, James Valleroy wrote: > This update proposes to fix security tracker issue CVE-2020-25073, > where a remote attackers could obtain sensitive information from the > /server-status page of the Apache HTTP Server, because a connection > from the Tor onion service (or from PageKite) is considered a local > connection.
Please go ahead. > This issue also exists in stretch. stretch is handled by the LTS team now, so you'll need to contact them if you'd like to update the package there. Regards, Adam