Re: apache2 CVE-2018-17199 stretch

To: debian-security@lists.debian.org
Cc: Bjørn Håkon Noss <nb@noss.cc>
Subject: Re: apache2 CVE-2018-17199 stretch
From: Stefan Fritsch <sf@sfritsch.de>
Date: Fri, 22 Mar 2019 21:20:29 +0100
Message-id: <[🔎] 1579456.igvMD3jVKU@k>
In-reply-to: <[🔎] CAFMP8skHR202UB896MAqTNjQmy1Egz+PyBpcUDnbQ-f2TdkeJA@mail.gmail.com>
References: <[🔎] CAFMP8skHR202UB896MAqTNjQmy1Egz+PyBpcUDnbQ-f2TdkeJA@mail.gmail.com>

On Monday, 18 March 2019 09:19:41 CET Bjørn Håkon Noss wrote:
> After looking at the Security tracker
> (https://security-tracker.debian.org/tracker/CVE-2018-17199), I can
> see that CVE-2018-17199 is fixed in both jessie and buster but not
> stretch.
> 
> Do you have any information about if and when it will be fixed in stretch?
> 
> The bug causes our PCI Compliance to fail.

As this is low severity, we intend to fix this in the next Debian stable point 
release (9.9).

Cheers,
Stefan

Reply to:

Follow-Ups:
- Re: apache2 CVE-2018-17199 stretch
  - From: Bjørn Håkon Noss <nb@noss.cc>

References:
- apache2 CVE-2018-17199 stretch
  - From: Bjørn Håkon Noss <nb@noss.cc>

Prev by Date: apache2 CVE-2018-17199 stretch
Next by Date: Re: apache2 CVE-2018-17199 stretch
Previous by thread: apache2 CVE-2018-17199 stretch
Next by thread: Re: apache2 CVE-2018-17199 stretch
Index(es):
- Date
- Thread