subject:"Bug#1012513\: apache2\: CVE\-2022\-31813 CVE\-2022\-26377 CVE\-2022\-28614 CVE\-2022\-28615 CVE\-2022\-29404 CVE\-2022\-30522 CVE\-2022\-30556"

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

2022-06-08 Thread Moritz Muehlenhoff

On Wed, Jun 08, 2022 at 07:51:28PM +0200, Yadd wrote: > Hi, > > those CVEs are tagged low/moderate by upstream, why did you tag this bug as > grave ? Anything moderate or above should get fixed by the next Debian release IOW RC severity. Cheers, Moritz

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

2022-06-08 Thread Yadd

Hi, those CVEs are tagged low/moderate by upstream, why did you tag this bug as grave ? Cheers, Yadd Le Mercredi, Juin 08, 2022 17:49 CEST, Moritz Mühlenhoff a écrit: > Source: apache2 > X-Debbugs-CC: t...@security.debian.org > Severity: grave > Tags: security > > Hi, > > The following

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

2022-06-08 Thread Moritz Mühlenhoff

Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2022-31813[0]: | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* | headers to the origin server based on client side