Looks like Apache is not affected. [1] I guess would be
justified here.
Markus
[1]
https://mail-archives.apache.org/mod_mbox/tomcat-users/201610.mbox/%3CCABzHfVmjt6oRKZfETgrP22wX%3DMF%2BSZsYDw2mAJkmhwcHDt0T3Q%40mail.gmail.com%3E
signature.asc
Description: OpenPGP digital signature
__
This is
On 07.10.2016 16:20, Salvatore Bonaccorso wrote:
> Hi Markus,
[...]
> Thanks for your investigation! Have you good upstream contact to try
> to clarify why the above statement was made?
Hi Salvatore,
unfortunately not. I'm just the guy who tries to keep these packages
alive. But I agree that we
Hi Markus,
On Fri, Oct 07, 2016 at 03:21:54PM +0200, Markus Koschany wrote:
> On 07.10.2016 14:15, Salvatore Bonaccorso wrote:
> [...]
> >
> > Now whilst the affected code is back present in 1.2.0, I need some
> > help understanding the actual impact for us. According to the build
> > log this co
On Fri, Oct 07, 2016 at 02:15:32PM +0200, Salvatore Bonaccorso wrote:
> Can you clarify if this is correct? If so we would mark the CVE as
> (unimportant) and thus as well not release a DSA, and a 1:1.2.42
> upload to unstable can then mark the CVE as fixed.
... or actually (Windows specific) in
On 07.10.2016 14:15, Salvatore Bonaccorso wrote:
[...]
>
> Now whilst the affected code is back present in 1.2.0, I need some
> help understanding the actual impact for us. According to the build
> log this common code is as well compiled in into the mod_jk, The
> upstream description though menti
Processing control commands:
> found -1 1:1.2.37-4
Bug #84 [src:libapache-mod-jk] libapache-mod-jk: CVE-2016-6808
Marked as found in versions libapache-mod-jk/1:1.2.37-4.
--
84: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=84
Debian Bug Tracking System
Contact ow...@bugs.debian.o
Control: found -1 1:1.2.37-4
Hi
On Fri, Oct 07, 2016 at 01:26:00PM +0200, Salvatore Bonaccorso wrote:
> Source: libapache-mod-jk
> Version: 1:1.2.41-1
> Severity: important
> Tags: security upstream patch
>
> Hi,
>
> the following vulnerability was published for libapache-mod-jk.
>
> CVE-2016-
Source: libapache-mod-jk
Version: 1:1.2.41-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for libapache-mod-jk.
CVE-2016-6808[0]:
buffer overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Ex
8 matches
Mail list logo