Bug#847124: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used

To: Salvatore Bonaccorso <carnil@debian.org>, 847124@bugs.debian.org
Subject: Bug#847124: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used
From: Stefan Fritsch <sf@sfritsch.de>
Date: Sun, 11 Dec 2016 08:58:21 +0100
Message-id: <[🔎] 3095506.KBTlpuIsLG@k>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 847124@bugs.debian.org
In-reply-to: <[🔎] 148096878459.26136.12716486006375905503.reportbug@eldamar.local>
References: <[🔎] 148096878459.26136.12716486006375905503.reportbug@eldamar.local>

On Monday, 5 December 2016 21:13:04 CET Salvatore Bonaccorso wrote:
> CVE-2016-8740 was announced for apache, CVE-2016-8740, Server memory
> can be exhausted and service denied when HTTP/2 is used.

There are a few more security issues fixed in the pending 2.4.24 release. I 
will wait a bit more in the hope that this is released soonish.

Stefan

Reply to:

References:
- Bug#847124: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: apr_1.5.2-5_amd64.changes ACCEPTED into unstable
Next by Date: Bug#499191: (no subject)
Previous by thread: Bug#847124: apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used
Next by thread: Bug#847124: marked as done (apache2: CVE-2016-8740: erver memory can be exhausted and service denied when HTTP/2 is used)
Index(es):
- Date
- Thread