Le 19/06/2021 à 14:57, Sebastian Ramacher a écrit :
> On 2021-06-14 21:08:14 +0200, Moritz Mühlenhoff wrote:
>> Yadd wrote:
>>> Our current apache2 policy keeps a lot of (maybe unimportant) CVE opened
>>> [1].
>>
>> Note that this isn't really accurate: While there are CVEs listed with
>> 2019- or
On 2021-06-14 21:08:14 +0200, Moritz Mühlenhoff wrote:
> Yadd wrote:
> > Our current apache2 policy keeps a lot of (maybe unimportant) CVE opened
> > [1].
>
> Note that this isn't really accurate: While there are CVEs listed with
> 2019- or 2020-, those were in fact all only recently published
Yadd wrote:
> Our current apache2 policy keeps a lot of (maybe unimportant) CVE opened
> [1].
Note that this isn't really accurate: While there are CVEs listed with
2019- or 2020-, those were in fact all only recently published with the
latest Apache release.
> Then I'd like to see if it is
Hi all,
In the past we had some problems to follow CVE fixes for Apache2. For
Buster, we had to import the whole http2 module from 2.4.46 into 2.4.38
because it was impossible to apply the upstream fix due to module
changes. This isolated import was really risky but we didn't found a
better way.
4 matches
Mail list logo
