Hi Added the package to DLA needed.
// Ola On Thu, 30 Apr 2020 at 06:31, Salvatore Bonaccorso <[email protected]> wrote: > > Hi, > > [For context, this report first reached the security team, we > redirected to the LTS team as specific for the jessie version of > apache2] > > On Wed, Apr 29, 2020 at 07:00:38AM +0000, Andrey Zelenchuk wrote: > > Package: apache2 > > Version: 2.4.10-10+deb8u16 > > Severity: grave > > Tags: security > > > > Dear Maintainer, > > > > There is a bug in mod_remoteip (a part of Apache Web Server): > > https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 > > Although the status of this bug is "NEW", actually it was fixed in > > Apache 2.4.24. > > Although a CVE id was not requested yet, actually it is a vulnerability. > > For this one, if there is need of a CVE, then this needs to be done by > the Apache CNA itself, as it's a product covered by this CNA, cf. > https://cve.mitre.org/cve/request_id.html#cna_participants > > So, Andrey I would suggest ask directly them if (or why not) a CVE > might be assigned for this mod_remoteip issue. > > Hope this helps, > > Regards, > Salvatore > -- --- Inguza Technology AB --- MSc in Information Technology ---- | [email protected] [email protected] | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
