Re: Apache2 CVE-2016-4975
Note: This is only being sent to debian-LTS.
> I am currently investigating CVE-2016-4975 for Apache2. The issue is
> already two years old but was only made public yesterday.  I skimmed
> through old commit messages but I could not isolate the fixing commit.
> However, I found this changelog entry from December 13th, 2016 and
> you are listed as one of the upstream committers who apparently fixed
> this vulnerability.
Does this warrant an entry in dla-needed.txt?
I also wonder why it takes almost 2 years for a security vulnerability
to become public...
Brian May <firstname.lastname@example.org>