Alexander,
These are the only two CVEs from 2016 that I found contained in the RPM that you referenced.
- add security fix for CVE-2016-5387
- mod_ssl: add security fix for CVE-2016-4979
-- Tyler Waldo Information Security Associate Threat and Vulnerability Management Mobile: (650) 410-0776
On Tue, Dec 19, 2017 at 10:39 AM, Alexander Dalloz ad+lists@uni-x.org wrote:
Am 19.12.2017 um 18:44 schrieb Tyler Waldo:
Hello everybody
I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but I do not see it as being available on the mirror.centos.org site. I see a git commit for this package in April and was wondering how long it takes an rpm to become available once the commit has been completed.
http://mirror.centos.org/centos/7/sclo/x86_64/rh/httpd24/
https://www.softwarecollections.org/en/scls/rhscl/httpd24/
Also, I don't see the following CVEs addressed in any httpd24 changelogs
and wanted to know if they were ever planning on being addressed in an httpd24 rpm?
- CVE-2016-0736 - CVE-2016-2161 - CVE-2016-8743 - CVE-2016-1546 - CVE-2016-8740Latest version is http://mirror.centos.org/cento s/7/sclo/x86_64/rh/httpd24/httpd24-httpd-2.4.27-8.el7.x86_64.rpm
I haven't checked whether it has fixes for the named CVEs.
Thanks,
Tyler
Alexander _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos