Hi Chris, Utkarsh, all
In this particular case Salvatore have told that the CVE needs to be
assigned by Apache CNA.
We should ask them about it I guess.
When I added it to dla-needed it looked severe enough to warrant a fix. Let
me know if you have any other opinion.
If we see delays in response
Hi Utkarsh et al.,
> Unless there's a CVE assigned for this, should I really be fixing it
> and announcing the update?
This might be conflating cause and effect. Let me ask a question in
return - did you consider applying for a CVE? If we cannot justify
applying for one on grounds of severity th
Hi,
On Sat, 2 May, 2020, 3:28 AM Ola Lundqvist, wrote:
> Added the package to DLA needed.
>
Unless there's a CVE assigned for this, should I really be fixing it and
announcing the update?
Best,
Utkarsh
>
Hi
Added the package to DLA needed.
// Ola
On Thu, 30 Apr 2020 at 06:31, Salvatore Bonaccorso wrote:
>
> Hi,
>
> [For context, this report first reached the security team, we
> redirected to the LTS team as specific for the jessie version of
> apache2]
>
> On Wed, Apr 29, 2020 at 07:00:38AM +00
Hi,
[For context, this report first reached the security team, we
redirected to the LTS team as specific for the jessie version of
apache2]
On Wed, Apr 29, 2020 at 07:00:38AM +, Andrey Zelenchuk wrote:
> Package: apache2
> Version: 2.4.10-10+deb8u16
> Severity: grave
> Tags: security
>
> Dea
Package: apache2
Version: 2.4.10-10+deb8u16
Severity: grave
Tags: security
Dear Maintainer,
There is a bug in mod_remoteip (a part of Apache Web Server):
https://bz.apache.org/bugzilla/show_bug.cgi?id=60251
Although the status of this bug is "NEW", actually it was fixed in Apache
2.4.24.
Althou