On 11 Apr 2019, at 4:27, Murphy, John wrote:
CVE-2019-0211 is described as being applicable to HTTPD versions 2.4.17 to 2.4.38 inclusive. Does this mean that the vulnerability is not applicable to older, 2.2.x version?
You might get a more detailed response if you try a support channel for the Apache HTTP Server, rather than in the ASF Community Development mailing list... See https://httpd.apache.org
Also note that on the front page of https://httpd.apache.org there is a clear direct announcement from over a year ago stating that: "no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases." This implies that if anyone knows about the relevance of 2019 security bugs to 2017 code, it would be someone other than the Apache HTTP Server Project.
-- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Available For Hire: https://linkedin.com/in/billcole --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
