Ah, nice. I wasn't aware of the process. Thank you, Robie and Thomas. I had run apt update before they were released, but I see them now and have updated.
Glen On Wed, Sep 20, 2017 at 7:18 PM, Thomas Ward <tew...@ubuntu.com> wrote: > You won't see an update to 2.4.28 I bet. Instead, you'll see a patched > version of the package uploaded which contains the fix for the CVE - this > is typically what is done to update packages in older releases for security > fixes, by the Security Team. > > Refer to the CVE tracker - https://people.canonical.com/~ > ubuntu-security/cve/2017/CVE-2017-9798.html - this details what versions > are fixed, which are pending upload, etc. - normally we (that is, Ubuntu > and the Security Team, of which I am not a part) don't upgrade Apache in > all releases to a newer version; we patch them instead. > > Thomas > Ubuntu Server Team Member > Launchpad: ~teward > > On 09/19/2017 10:30 AM, Glen Willmot wrote: > > Good morning, > > Just curious on when we'll see an update on the apache2 release to version > 2.4.28 to patch against the "Optionsbleed" bug detailed by CVE-2017-9798. > More info on the severity of this bug can be seen at: > https://blog.fuzzing-project.org/60-Optionsbleed-HTTP- > OPTIONS-method-can-leak-Apaches-server-memory.html > > Thank you, > Glen > > > >
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
