Bug#734446: pu: package apache2/2.2.16-6+squeeze11a - CVE-2013-1862

To: Bastian Blank <bastian.blank@credativ.de>
Cc: 734446@bugs.debian.org
Subject: Bug#734446: pu: package apache2/2.2.16-6+squeeze11a - CVE-2013-1862
From: Stefan Fritsch <sf@sfritsch.de>
Date: Tue, 07 Jan 2014 21:11:18 +0100
Message-id: <[🔎] 3259811.MI57m2bEpP@k>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 734446@bugs.debian.org
In-reply-to: <[🔎] 20140107102125.7302.75499.reportbug@lacehammer.credativ.lan>
References: <[🔎] 20140107102125.7302.75499.reportbug@lacehammer.credativ.lan>

Am Dienstag, 7. Januar 2014, 11:21:25 schrieben Sie:
> CVE-2013-1862 is a low impact security bug. It should be fixed via
> pu. Apache maintainers: Do you want to handle this yourself?

I was intending to batch this together with the next DSA for a more 
important issue, but so far no such issue has appeared. There is also 
CVE-2013-1896 and one other equally low impact, but yet undisclosed 
issue open.

And if we do an p-u upload, there would be one or two non-security 
bugfixes and possibly the ECDHE backport #733564 one could include. Is 
CVE-2013-1862 really so important that it needs to be fixed soon?

Reply to:

Follow-Ups:
- Bug#734446: pu: package apache2/2.2.16-6+squeeze11a - CVE-2013-1862
  - From: Bastian Blank <bastian.blank@credativ.de>

References:
- Bug#734446: pu: package apache2/2.2.16-6+squeeze11a - CVE-2013-1862
  - From: Bastian Blank <bastian.blank@credativ.de>

Prev by Date: Re: I: sdlgfx 2.0.25
Next by Date: Scheduling 7.4 and 6.0.9
Previous by thread: Bug#734446: pu: package apache2/2.2.16-6+squeeze11a - CVE-2013-1862
Next by thread: Bug#734446: pu: package apache2/2.2.16-6+squeeze11a - CVE-2013-1862
Index(es):
- Date
- Thread