Bug#920220: apache2: CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
Hi Xavier,
On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote:
> Le 23/01/2019 à 20:57, Salvatore Bonaccorso a écrit :
> > Control: tags -1 + fixed-upstream
> > Control: tags -1 - patch
> >
> > Hi Xavier,
> >
> > On Wed, Jan 23, 2019 at 09:18:36AM +0100, Xavier wrote:
> >> Hello,
> >>
> >> Debian bug is tagged as "patch", but I didn't find any patch in the
> >> related documents. Can you give me the link to patch ?
> >
> > Well you are right, not a patch per se, maybe fixed-upstream and
> > "there is a patch" would have been better. Let me fix that.
> >
> > If feasible possibly updating to the new upstream version fixing this
> > CVE (and two other) would be better if still feasible so short before
> > the soft freeze.
> >
> > Regards,
> > Salvatore
>
> Hello,
>
> looking at last release changelog, bug seems not fixed
Cf. https://www.openwall.com/lists/oss-security/2019/01/22/4, where it
is fixed in 2.4.38 upstream.
HTH,
Regards,
Salvatore
Reply to: