Am 22.01.2019 um 10:33 schrieb Daniel Gruno:
On 1/22/19 8:09 AM, Stefan Priebe - Profihost AG wrote:
Hi,

in twitter and other social media channels they're talking about a
current apache 0 day:
https://twitter.com/i/web/status/1087593706444730369

which wasn't handled / isn't currently fixed.

Some details are here:
https://github.com/hannob/apache-uaf

If this is true there will be exploits soon. Is there anything planned?
Does 2.4.38 fix those issues?

Greets,
Stefan


Hi Stefan, and good morning.

I figured I should write something to calm people that might be concerned.

I will reply in length in a while (coffee is needed first), it takes time to write a proper response that explains our processes and considerations with issues like this, especially when people start hyping the matter. Such is social media, I guess.

Until then, I will say quickly that we do not at present consider this something you should be alarmed about. Boring elaboration to follow in a while when I have compiled it :)

With regards,
Daniel, speaking as just a normal committer.

Here's the response we have compiled from Daniel, Stefan and others:

https://bz.apache.org/bugzilla/show_bug.cgi?id=63098

Regards,

Rainer

Reply via email to