Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
05120433 by Salvatore Bonaccorso at 2018-04-03T11:12:20+02:00
Mark CVE-2018-1302/apache2 as postponed for stretch
The change is intrusive to isolately backported. Stefan Fritsch
suggested to actually update mod_http2 to 2.4.33's version but expose
the update to more testing for that. An update will be proposed via the
stretch-pu mechanism and to be included in the upcoming pointrelease.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21209,6 +21209,7 @@ CVE-2018-1303 (A specially crafted HTTP request header
could have crashed the Ap
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/3
CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the
Apache ...)
- apache2 2.4.33-1
+ [stretch] - apache2 <postponed> (Will be fixed via stretch-pu and
upating to 2.4.33's mod_http2)
[jessie] - apache2 <not-affected> (Vulnerable code not present)
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/05120433e84c051eb3216765bbfe893bb67384e9
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/05120433e84c051eb3216765bbfe893bb67384e9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
