Control: tags -1 + confirmed

On Sat, 2020-09-26 at 22:38 -0400, James Valleroy wrote:
> This update proposes to fix security tracker issue CVE-2020-25073,
> where a remote attackers could obtain sensitive information from the
> /server-status page of the Apache HTTP Server, because a connection
> from the Tor onion service (or from PageKite) is considered a local
> connection.

Please go ahead.

> This issue also exists in stretch.

stretch is handled by the LTS team now, so you'll need to contact them
if you'd like to update the package there.

Regards,

Adam

Reply via email to