Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

2019-01-23 Thread Salvatore Bonaccorso
Hi Xavier, On Wed, Jan 23, 2019 at 09:54:29PM +0100, Xavier wrote: > Le 23/01/2019 à 21:50, Salvatore Bonaccorso a écrit : > > Hi Xavier, > > > > On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote: > >> Le 23/01/2019 à 20:57, Salvatore Bonaccorso a écrit : > >>> Control: tags -1 + fixed-upstr

Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

2019-01-23 Thread Xavier
Le 23/01/2019 à 21:50, Salvatore Bonaccorso a écrit : > Hi Xavier, > > On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote: >> Le 23/01/2019 à 20:57, Salvatore Bonaccorso a écrit : >>> Control: tags -1 + fixed-upstream >>> Control: tags -1 - patch >>> >>> Hi Xavier, >>> >>> On Wed, Jan 23, 2019

Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

2019-01-23 Thread Salvatore Bonaccorso
Hi Xavier, On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote: > Le 23/01/2019 à 20:57, Salvatore Bonaccorso a écrit : > > Control: tags -1 + fixed-upstream > > Control: tags -1 - patch > > > > Hi Xavier, > > > > On Wed, Jan 23, 2019 at 09:18:36AM +0100, Xavier wrote: > >> Hello, > >> > >> D

Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

2019-01-23 Thread Xavier
Le 23/01/2019 à 20:57, Salvatore Bonaccorso a écrit : > Control: tags -1 + fixed-upstream > Control: tags -1 - patch > > Hi Xavier, > > On Wed, Jan 23, 2019 at 09:18:36AM +0100, Xavier wrote: >> Hello, >> >> Debian bug is tagged as "patch", but I didn't find any patch in the >> related documents.

Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

2019-01-23 Thread Salvatore Bonaccorso
Control: tags -1 + fixed-upstream Control: tags -1 - patch Hi Xavier, On Wed, Jan 23, 2019 at 09:18:36AM +0100, Xavier wrote: > Hello, > > Debian bug is tagged as "patch", but I didn't find any patch in the > related documents. Can you give me the link to patch ? Well you are right, not a patch

Processed: Re: Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

2019-01-23 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + fixed-upstream Bug #920220 [src:apache2] apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1 Added tag(s) fixed-upstream. > tags -1 - patch Bug #920220 [src:apache2] apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used wi

Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

2019-01-23 Thread Xavier
Hello, Debian bug is tagged as "patch", but I didn't find any patch in the related documents. Can you give me the link to patch ? Cheers, Xavier Le 22/01/2019 à 21:18, Salvatore Bonaccorso a écrit : > Source: apache2 > Version: 2.4.37-1 > Severity: grave > Tags: patch security upstream > > Hi (

Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1

2019-01-22 Thread Salvatore Bonaccorso
Source: apache2 Version: 2.4.37-1 Severity: grave Tags: patch security upstream Hi (Stefan), I agree the severity is not the best choosen one for this issue, it is more to ensure we could release buster with an appropriate fix already before the release. If you disagree, please do downgrade. The