[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2018-1302/apache2 as postponed for stretch
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 3 10:13:55 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
05120433 by Salvatore Bonaccorso at 2018-04-03T11:12:20+02:00
Mark CVE-2018-1302/apache2 as postponed for stretch
The change is intrusive to isolately backported. Stefan Fritsch
suggested to actually update mod_http2 to 2.4.33's version but expose
the update to more testing for that. An update will be proposed via the
stretch-pu mechanism and to be included in the upcoming pointrelease.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21209,6 +21209,7 @@ CVE-2018-1303 (A specially crafted HTTP request header could have crashed the Ap
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/3
CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apache ...)
- apache2 2.4.33-1
+ [stretch] - apache2 <postponed> (Will be fixed via stretch-pu and upating to 2.4.33's mod_http2)
[jessie] - apache2 <not-affected> (Vulnerable code not present)
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05120433e84c051eb3216765bbfe893bb67384e9
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05120433e84c051eb3216765bbfe893bb67384e9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180403/82080653/attachment.html>
More information about the debian-security-tracker-commits
mailing list