On 2017-09-19 10:30 AM, Glen Willmot wrote:
> Good morning,
>
> Just curious on when we'll see an update on the apache2 release to version
> 2.4.28 to patch against the "Optionsbleed" bug detailed by CVE-2017-9798.
>
> More info on the severity of this bug can be seen at:
> https://blog.fuzzing-p
Ah, nice. I wasn't aware of the process.
Thank you, Robie and Thomas. I had run apt update before they were
released, but I see them now and have updated.
Glen
On Wed, Sep 20, 2017 at 7:18 PM, Thomas Ward wrote:
> You won't see an update to 2.4.28 I bet. Instead, you'll see a patched
> versio
You won't see an update to 2.4.28 I bet. Instead, you'll see a patched
version of the package uploaded which contains the fix for the CVE -
this is typically what is done to update packages in older releases for
security fixes, by the Security Team.
Refer to the CVE tracker -
https://people.canon
On Tue, Sep 19, 2017 at 10:30:20AM -0400, Glen Willmot wrote:
> Just curious on when we'll see an update on the apache2 release to
> version 2.4.28 to patch against the "Optionsbleed" bug detailed by
> CVE-2017-9798.
Already done, but by backporting the fix (as usual for Linux
distributions) rathe
Good morning,
Just curious on when we'll see an update on the apache2 release to version
2.4.28 to patch against the "Optionsbleed" bug detailed by CVE-2017-9798.
More info on the severity of this bug can be seen at:
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Ap
