Re: CVE-2023-25690: Apache2 mod_proxy for old(old)stable?

To: roucaries bastien <roucaries.bastien+debian@gmail.com>
Cc: Philipp Hahn <hahn@univention.de>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: CVE-2023-25690: Apache2 mod_proxy for old(old)stable?
From: Roberto C. Sánchez <roberto@debian.org>
Date: Thu, 20 Apr 2023 18:39:47 -0400
Message-id: <ZEG/M+X4sWpL/QwS@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, roucaries bastien <roucaries.bastien+debian@gmail.com>, Philipp Hahn <hahn@univention.de>, Debian LTS <debian-lts@lists.debian.org>
In-reply-to: <[🔎] CAE2SPAbbN2iY4Bk8xre1jLW4qEMv8mXPt9gdPbmpaP3TMcFwZg@mail.gmail.com>
References: <c10c285c-b39a-27dd-7ec4-6567feb00cf8@univention.de> <[🔎] 456edd06-694d-6a10-0cd2-c9d12fcc9f49@univention.de> <[🔎] CAE2SPAbbN2iY4Bk8xre1jLW4qEMv8mXPt9gdPbmpaP3TMcFwZg@mail.gmail.com>

On Thu, Apr 20, 2023 at 07:24:39PM +0000, roucaries bastien wrote:
> Hi Philipp,
> 
> I am working hard to reproduce the CVE and close on for good. I have a
> regression test for this near ready.
> 
> They are also some regression by applying this patch to perfectly
> correct configuration what will be now rejected.
> 
> I am asking the opinion of apache maintainer/security team before releasing.
> 
> Thanks for remainder
> 
> Bastien
> 

Hi Philipp,

To clarify, Bastien is working on a fix for CVE-2023-25690 for *both*
buster and stretch.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

References:
- Fwd: CVE-2023-25690: Apache2 mod_proxy for old(old)stable?
  - From: Philipp Hahn <hahn@univention.de>
- Re: CVE-2023-25690: Apache2 mod_proxy for old(old)stable?
  - From: roucaries bastien <roucaries.bastien+debian@gmail.com>

Prev by Date: Re: CVE-2023-25690: Apache2 mod_proxy for old(old)stable?
Next by Date: Re: Triage status for a few old packages
Previous by thread: Re: CVE-2023-25690: Apache2 mod_proxy for old(old)stable?
Next by thread: Re: [SECURITY] [DLA 3406-1] sniproxy security update
Index(es):
- Date
- Thread