Hello, Debian bug is tagged as "patch", but I didn't find any patch in the related documents. Can you give me the link to patch ?
Cheers, Xavier Le 22/01/2019 à 21:18, Salvatore Bonaccorso a écrit : > Source: apache2 > Version: 2.4.37-1 > Severity: grave > Tags: patch security upstream > > Hi (Stefan), > > I agree the severity is not the best choosen one for this issue, it is > more to ensure we could release buster with an appropriate fix already > before the release. If you disagree, please do downgrade. > > The following vulnerability was published for apache2. > > CVE-2019-0190[0]: > mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1 > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2019-0190 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190 > [1] https://marc.info/?l=oss-security&m=154817901921421&w=2 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore >