[Secure-testing-commits] r47567 - in data: . CVE
Ola Lundqvist
opal at moszumanska.debian.org
Thu Dec 29 21:38:07 UTC 2016
Author: opal
Date: 2016-12-29 21:38:07 +0000 (Thu, 29 Dec 2016)
New Revision: 47567
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Notes about apache2.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-29 21:37:23 UTC (rev 47566)
+++ data/CVE/list 2016-12-29 21:38:07 UTC (rev 47567)
@@ -13581,8 +13581,11 @@
NOTE: The fix is not fully backwards compatible so upstream have
NOTE: created a new option to control this behaviour. This means that
NOTE: if this is fixed the security advisory need to mention this.
+ NOTE: The fix is invasive and should require some extra testing before reaching
+ NOTE: stable and old-stable.
NOTE: Affects: 2.2.0 to 2.4.23.
NOTE: Fixed in 2.4.25.
+ NOTE: For 2.2 preparation is done in http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/
CVE-2016-8742
RESERVED
CVE-2016-8741
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-12-29 21:37:23 UTC (rev 47566)
+++ data/dla-needed.txt 2016-12-29 21:38:07 UTC (rev 47567)
@@ -15,6 +15,8 @@
NOTE: be mentioned very clearly in the DLA sent out. Also that this change
NOTE: is not fully backwards compatible. Upstream is preparing
NOTE: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/
+ NOTE: This change is invasive and need extra testing. We should
+ NOTE: wait until it has been fixed in one of stable and sid.
--
asterisk (Markus Koschany)
--
More information about the Secure-testing-commits
mailing list