20 Dec
2017
20 Dec
'17
5:44 a.m.
Am 20.12.2017 um 00:40 schrieb Tyler Waldo:
Alexander,
These are the only two CVEs from 2016 that I found contained in the RPM that you referenced.
add security fix for CVE-2016-5387
mod_ssl: add security fix for CVE-2016-4979
Tyler Waldo Information Security Associate Threat and Vulnerability Management Mobile: (650) 410-0776
Tyler,
according to https://www-us.apache.org/dist//httpd/CHANGES_2.4 many of the CVEs you mentioned were fixed in 2.4.24. So 2.4.25 and 2.4.27 used by the SCL RPMs should cover them.
Alexander