Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 05120433 by Salvatore Bonaccorso at 2018-04-03T11:12:20+02:00 Mark CVE-2018-1302/apache2 as postponed for stretch The change is intrusive to isolately backported. Stefan Fritsch suggested to actually update mod_http2 to 2.4.33's version but expose the update to more testing for that. An update will be proposed via the stretch-pu mechanism and to be included in the upcoming pointrelease. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -21209,6 +21209,7 @@ CVE-2018-1303 (A specially crafted HTTP request header could have crashed the Ap NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/3 CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apache ...) - apache2 2.4.33-1 + [stretch] - apache2 <postponed> (Will be fixed via stretch-pu and upating to 2.4.33's mod_http2) [jessie] - apache2 <not-affected> (Vulnerable code not present) [wheezy] - apache2 <not-affected> (Vulnerable code not present) NOTE: HTTP/2 support introduced in 2.4.17 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05120433e84c051eb3216765bbfe893bb67384e9 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05120433e84c051eb3216765bbfe893bb67384e9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits