The security Team is subscribed here, they would know where to discuss security. But I guess Alex has given the answer in [1] already.
Next steps (for you to know) are following the SRU process [2]. TL;DR: 1. the SRU Team reviews my upload and approves/rejects 2. it will build for xenial-proposed 3. regression tests will run there 4. we need to verify the fix really works as expected 5. some maturing time needs to pass 6. the update is releases into xenial-updates [1]: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299/comments/2 [2]: https://wiki.ubuntu.com/StableReleaseUpdates -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1875299 Title: Apache's mod_remoteip: IP address spoofing via X-Forwarded-For when mod_rewrite rule is triggered To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
