Hi Roberto, > > I have prepared a new apache2 package (version 2.2.22-13+deb7u13) to > > address CVE-2017-15710, CVE-2018-1301, and CVE-2018-1312. The patch for > > CVE-2018-1312 did not apply cleanly, required backporting an additional > > commit from the Apache history, as well as adjusting the function calls > > for logging and managing pool data. > > > > As I do not use digest authentication, I thought it prudent to give > > others the opportunity to test these packages before I upload them. > > Unless I hear a negative report, I intend to upload on Tuesday or > > Wednesday. > > > The packages are available here: https://people.debian.org/~roberto/ I have successfully: * installed the packages in a clean Debian Wheezy system * got "it works" on localhost:80 * changed the default configuration for a custom website * tested the directory indexing feature Those are pretty basic tests, but the update looks fine to me. Regards, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com 4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA
Attachment:
signature.asc
Description: PGP signature