Le 23/01/2019 à 21:50, Salvatore Bonaccorso a écrit :
> Hi Xavier,
> 
> On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote:
>> Le 23/01/2019 à 20:57, Salvatore Bonaccorso a écrit :
>>> Control: tags -1 + fixed-upstream
>>> Control: tags -1 - patch
>>>
>>> Hi Xavier,
>>>
>>> On Wed, Jan 23, 2019 at 09:18:36AM +0100, Xavier wrote:
>>>> Hello,
>>>>
>>>> Debian bug is tagged as "patch", but I didn't find any patch in the
>>>> related documents. Can you give me the link to patch ?
>>>
>>> Well you are right, not a patch per se, maybe fixed-upstream and
>>> "there is a patch" would have been better. Let me fix that.
>>>
>>> If feasible possibly updating to the new upstream version fixing this
>>> CVE (and two other) would be better if still feasible so short before
>>> the soft freeze.
>>>
>>> Regards,
>>> Salvatore
>>
>> Hello,
>>
>> looking at last release changelog, bug seems not fixed
> 
> Cf. https://www.openwall.com/lists/oss-security/2019/01/22/4, where it
> is fixed in 2.4.38 upstream.
> 
> HTH,
> 
> Regards,
> Salvatore

I see that but the provided link [1] doesn't mention it, neither apache2
changelog.

[1] https://httpd.apache.org/security/vulnerabilities_24.html

Reply via email to