>> CVE-2015-3276 appears to be unfixed in 2.4.44, and from several >> attempts at finding the bug reported in your mailing list archive >> I came up empty. So ... The best I've found from this CVE is >> RedHat's bugzilla entry at >> >> https://bugzilla.redhat.com/show_bug.cgi?id=3D1238322 >> >> which contains a (suggested) patch. > > We can integrate a suggested fix if the patch author submits their > patch to our ITS directly. Due to IPR concerns we don't accept or act=
> on 3rd party patch submissions. Hm, ok. I've submitted an update to the above bug entry petitioning for them to release the fix. We'll see if they act on it. Regards, - H=E5vard
