Hi Bill, Thanks for getting back to me, much appreciated.
John -----Original Message----- From: Bill Cole [mailto:sa-bugz-20080...@billmail.scconsult.com] Sent: 11 April 2019 15:29 To: dev@community.apache.org Cc: Murphy, John Subject: Re: CVE-2019-0211 applicable to versions 2.2.x? On 11 Apr 2019, at 4:27, Murphy, John wrote: > CVE-2019-0211 is described as being applicable to HTTPD versions > 2.4.17 to 2.4.38 inclusive. Does this mean that the vulnerability is > not applicable to older, 2.2.x version? You might get a more detailed response if you try a support channel for the Apache HTTP Server, rather than in the ASF Community Development mailing list... See https://httpd.apache.org Also note that on the front page of https://httpd.apache.org there is a clear direct announcement from over a year ago stating that: "no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases." This implies that if anyone knows about the relevance of 2019 security bugs to 2017 code, it would be someone other than the Apache HTTP Server Project. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Available For Hire: https://linkedin.com/in/billcole This email and any attached files are confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this communication is strictly prohibited. If you have received this transmission in error please notify the sender immediately and then delete the email. Alternatively you can call us. A full list of contact numbers is available on https://www.kbc.ie/contact-us Email transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, and shall have no liability for any loss or damage suffered by the user, which arise as a result of email transmission. If verification is required please request a hard copy version. KBC Bank Ireland plc is regulated by the Central Bank of Ireland. KBC Bank Ireland plc is a company registered in the Republic of Ireland, Company Number 40537. Registered Office: Sandwith Street, Dublin 2, Ireland. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
