[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache2 CVE-2016-4975

Note: This is only being sent to debian-LTS.

> I am currently investigating CVE-2016-4975 for Apache2. The issue is
> already two years old but was only made public yesterday. [1] I skimmed
> through old commit messages but I could not isolate the fixing commit.
> However I found this changelog entry [2] from December 13th, 2016 and
> you are listed as one of the upstream committers who apparently fixed
> this vulnerability.

Does this warrant an entry in dla-needed.txt?

I also wonder why it takes almost 2 years for a security vulnerability
to become public...
Brian May <bam@debian.org>

Reply to: