Alexander, These are the only two CVEs from 2016 that I found contained in the RPM that you referenced. - add security fix for CVE-2016-5387 - mod_ssl: add security fix for CVE-2016-4979 -- Tyler Waldo Information Security Associate Threat and Vulnerability Management Mobile: (650) 410-0776 On Tue, Dec 19, 2017 at 10:39 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am 19.12.2017 um 18:44 schrieb Tyler Waldo: > >> Hello everybody >> >> I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, >> but >> I do not see it as being available on the mirror.centos.org site. I see a >> git commit for this package in April and was wondering how long it takes >> an >> rpm to become available once the commit has been completed. >> > > http://mirror.centos.org/centos/7/sclo/x86_64/rh/httpd24/ > > https://www.softwarecollections.org/en/scls/rhscl/httpd24/ > > Also, I don't see the following CVEs addressed in any httpd24 changelogs >> and wanted to know if they were ever planning on being addressed in an >> httpd24 rpm? >> >> >> - CVE-2016-0736 >> - CVE-2016-2161 >> - CVE-2016-8743 >> - CVE-2016-1546 >> - CVE-2016-8740 >> > > Latest version is http://mirror.centos.org/cento > s/7/sclo/x86_64/rh/httpd24/httpd24-httpd-2.4.27-8.el7.x86_64.rpm > > I haven't checked whether it has fixes for the named CVEs. > > Thanks, >> >> Tyler >> > > Alexander > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >