One of the PCI scanning companies is demanding an upgrade to 2.4.2 due to the
issues described in this CVE:

Changes with Apache 2.2.23

  *) SECURITY: CVE-2012-0883 (cve.mitre.org)
     envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
     current working directory to be searched for DSOs. [Stefan Fritsch]

Is there any idea when 2.2.23 will be released? I'd rather not upgrade to 2.4.2.
Apologies if this is the wrong list for this.
Best,
Luke Lozier
---
Bibliopolis, LLC
Berkeley | Pittsburgh
http://www.bibliopolis.com
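
Added example, not part of the original message and not Apache's own code: a shell check for the condition the changelog entry describes, where an empty element in LD_LIBRARY_PATH makes the dynamic loader search the current working directory. The library path /opt/httpd/lib and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed illustration; /opt/httpd/lib is a placeholder library directory.

# has_empty_component VALUE
# Returns 0 when VALUE contains an empty path element (leading ':',
# trailing ':' or '::'). The loader reads an empty element as the
# current working directory.
has_empty_component() {
    case "$1" in
        "")          return 1 ;;  # empty value: nothing is searched via this variable
        :*|*:|*::*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# Unconditional prepend: leaves a trailing ':' when the inherited value is empty.
build_unsafe() {
    printf '%s\n' "/opt/httpd/lib:$1"
}

# Guarded prepend: the separator is added only when there is a value to append.
build_safe() {
    if [ -n "$1" ]; then
        printf '%s\n' "/opt/httpd/lib:$1"
    else
        printf '%s\n' "/opt/httpd/lib"
    fi
}

# Compare both constructions for an empty and a non-empty inherited value.
for inherited in "" "/usr/local/lib"; do
    for builder in build_unsafe build_safe; do
        result=$($builder "$inherited")
        if has_empty_component "$result"; then
            verdict="searches cwd"
        else
            verdict="ok"
        fi
        printf '%-13s inherited=%-16s -> %-32s %s\n' \
            "$builder" "'$inherited'" "'$result'" "$verdict"
    done
done
```

The guard only avoids introducing a new empty element; an inherited value that already ends in ':' is still flagged by has_empty_component after the guarded prepend.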