Five recent Apache CVE

To: sf@debian.org
Cc: debian-apache@lists.debian.org
Subject: Five recent Apache CVE
From: Jose Kahan <jose.kahan@w3.org>
Date: Wed, 21 Jun 2017 09:39:28 +0200
Message-id: <[🔎] 20170621073928.GA5472@kiribati.inrialpes.fr>
Reply-to: jose.kahan@w3.org

Hello Stefan,

I'm not sure if you saw these recent CVE for apache? 

Security patches were published with them.

Any idea when they will be integrated into debian? I had received
these CVE early on on the apache-dev mailing list.

KUDOS!

--jose

Jun 19 Jacob Champion  (  35) [SECURITY] CVE-2017-3167: ap_get_basic_auth_pw authentication bypass
Jun 19 Jacob Champion  (  27) [SECURITY] CVE-2017-3169: mod_ssl null pointer dereference
Jun 19 Jacob Champion  (  23) [SECURITY] CVE-2017-7659: mod_http2 null pointer dereference
Jun 19 Jacob Champion  (  31) [SECURITY] CVE-2017-7668: ap_find_token buffer overread
Jun 19 Jacob Champion  (  27) [SECURITY] CVE-2017-7679: mod_mime buffer overread

Reply to:

Follow-Ups:
- Re: Five recent Apache CVE
  - From: sf@debian.org

Prev by Date: Re: Five recent Apache CVE
Next by Date: apache 2.4.26?
Previous by thread: apache2_2.4.25-4_amd64.changes ACCEPTED into unstable
Next by thread: Re: Five recent Apache CVE
Index(es):
- Date
- Thread