Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Thu, 09 Jun 2022 06:33:53 +0200
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.54-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers
Changed-By: Yadd
Your message dated Thu, 09 Jun 2022 05:03:55 +
with message-id
and subject line Bug#1010455: fixed in apache2 2.4.54-1
has caused the Debian Bug report #1010455,
regarding Should apache2.README.Debian refer to apache-htcacheclean ?
to be marked as done.
This means that you claim that the
Your message dated Thu, 09 Jun 2022 05:03:55 +
with message-id
and subject line Bug#1012513: fixed in apache2 2.4.54-1
has caused the Debian Bug report #1012513,
regarding apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615
CVE-2022-29404 CVE-2022-30522 CVE-2022-30556
to be
apache2_2.4.54-1_sourceonly.changes uploaded successfully to localhost
along with the files:
apache2_2.4.54-1.dsc
apache2_2.4.54.orig.tar.gz
apache2_2.4.54.orig.tar.gz.asc
apache2_2.4.54-1.debian.tar.xz
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
Processing commands for cont...@bugs.debian.org:
> tags 1012513 + upstream
Bug #1012513 [src:apache2] apache2: CVE-2022-31813 CVE-2022-26377
CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556
Added tag(s) upstream.
> found 1012513 2.4.53-2
Bug #1012513 [src:apache2]
On Wed, Jun 08, 2022 at 07:51:28PM +0200, Yadd wrote:
> Hi,
>
> those CVEs are tagged low/moderate by upstream, why did you tag this bug as
> grave ?
Anything moderate or above should get fixed by the next Debian release IOW RC
severity.
Cheers,
Moritz
Hi,
those CVEs are tagged low/moderate by upstream, why did you tag this bug as
grave ?
Cheers,
Yadd
Le Mercredi, Juin 08, 2022 17:49 CEST, Moritz Mühlenhoff a
écrit:
> Source: apache2
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following
You made a very good investigation on the topic.
I agree that a public cert shouldn't be placed into the same folder as
CA certs. There is some mention of a weird bug
https://serverfault.com/a/840191/442430
Instead I think that both private key and cert should be merged into a
one file and placed
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2022-31813[0]:
| Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-*
| headers to the origin server based on client side
Hello,
Are you affected by limited local resources or service capability disrupted by
war? You want to work with an experienced company from the European Union?
Dynamic software company, since 2011 on the market, with over 100 software
engineers opens for new work. We usually work with EMEA
10 matches
Mail list logo