On Wed, Dec 25, 2024 at 11:27:39AM +0100, Salvatore Bonaccorso wrote:
> Hi,
> > Since this vulnerability is moderate and depends on a misconfiguration of
> > Apache or a different application I do not intend to provide a patch version
> > for Stable. In addition, the fix was done by replacing the config file
> > format (TXT to JSON) which is not a small topic to backport.
> >
> > If needed, 9.0 can be used as fix for Stable, it is compatible with this
> > release, too.
> > 9.0 can still read the old 8.x file format but changes are stored in new
> > format.
>
> Thanks for the update. I think it would be good to make sure we get
> the change in trixie with the rebase to 9.0.
>
> FWIW, for bookworm we marked the issue no-dsa, but I guess we then can
> mark it as ignored.
Agreed, I've just marked it as ignored for Bookworm.
Cheers,
Moritz
