Re: CVE-2023-25690: Apache2 mod_proxy for old(old)stable?
On Thu, Apr 20, 2023 at 07:24:39PM +0000, roucaries bastien wrote:
> Hi Philipp,
>
> I am working hard to reproduce the CVE and close on for good. I have a
> regression test for this near ready.
>
> They are also some regression by applying this patch to perfectly
> correct configuration what will be now rejected.
>
> I am asking the opinion of apache maintainer/security team before releasing.
>
> Thanks for remainder
>
> Bastien
>
Hi Philipp,
To clarify, Bastien is working on a fix for CVE-2023-25690 for *both*
buster and stretch.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: