Re: Fix for CVE-2021-40438 in bullseye missing?

To: Holger Mickler <holger.mickler@tu-dresden.de>, debian-apache@lists.debian.org
Subject: Re: Fix for CVE-2021-40438 in bullseye missing?
From: Yadd <yadd@debian.org>
Date: Fri, 26 Nov 2021 17:49:46 +0100
Message-id: <[🔎] 19355152-8ea5-cbf6-4afa-20cbb5a9a15b@debian.org>
In-reply-to: <[🔎] 4cc938a6-7c8c-456d-b7cf-ba374f5c0a0f@MSX-L311.msx.ad.zih.tu-dresden.de>
References: <[🔎] 4cc938a6-7c8c-456d-b7cf-ba374f5c0a0f@MSX-L311.msx.ad.zih.tu-dresden.de>

Le 26/11/2021 à 14:31, Holger Mickler a écrit :
> Dear apache maintainers,
> 
> as far as I can see in the changelog of apache2 in bullseye
> (https://packages.debian.org/bullseye/apache2)
> ->
> https://metadata.ftp-master.debian.org/changelogs//main/a/apache2/apache2_2.4.48-3.1+deb11u1_changelog
> 
> the latest version is as of Thu, 12 Aug 2021 13:51:47 +0200 and there is
> no patch for the above mentioned CVE yet?
> 
> As buster has it already - can you please provide the patch for
> bullseye, too?
> 
> Thanks and sorry if I overlooked sth.
> Holger

Hi,

Apache2 in Bullseye follows upstream changes, so no need to produce a
patch. See https://security-tracker.debian.org/tracker/CVE-2021-40438

Cheers,
Yadd

Reply to:

References:
- Fix for CVE-2021-40438 in bullseye missing?
  - From: Holger Mickler <holger.mickler@tu-dresden.de>

Prev by Date: Fix for CVE-2021-40438 in bullseye missing?
Next by Date: Bug#1000724: libapr1-dev: Enable cross-build Multi-Arch
Previous by thread: Fix for CVE-2021-40438 in bullseye missing?
Next by thread: Bug#1000724: libapr1-dev: Enable cross-build Multi-Arch
Index(es):
- Date
- Thread