[CentOS] Fwd: httpd24 Package Question

Tue Dec 19 23:40:26 UTC 2017
Tyler Waldo <twaldo at salesforce.com>

Alexander,


These are the only two CVEs from 2016 that I found contained in the RPM
that you referenced.


- add security fix for CVE-2016-5387

- mod_ssl: add security fix for CVE-2016-4979

--
Tyler Waldo
Information Security Associate
Threat and Vulnerability Management
Mobile: (650) 410-0776

On Tue, Dec 19, 2017 at 10:39 AM, Alexander Dalloz <ad+lists at uni-x.org>
wrote:

> On 19.12.2017 at 18:44, Tyler Waldo wrote:
>
>> Hello everybody
>>
>> I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but
>> I do not see it as being available on the mirror.centos.org site. I see a
>> git commit for this package in April and was wondering how long it takes an
>> rpm to become available once the commit has been completed.
>>
>
> http://mirror.centos.org/centos/7/sclo/x86_64/rh/httpd24/
>
> https://www.softwarecollections.org/en/scls/rhscl/httpd24/
>
>> Also, I don't see the following CVEs addressed in any httpd24 changelogs
>> and wanted to know if they were ever planning on being addressed in an
>> httpd24 rpm?
>>
>>
>>     - CVE-2016-0736
>>     - CVE-2016-2161
>>     - CVE-2016-8743
>>     - CVE-2016-1546
>>     - CVE-2016-8740
>>
>
> Latest version is http://mirror.centos.org/centos/7/sclo/x86_64/rh/httpd24/httpd24-httpd-2.4.27-8.el7.x86_64.rpm
>
> I haven't checked whether it has fixes for the named CVEs.
>
>> Thanks,
>>
>> Tyler
>>
>
> Alexander
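The changelog check discussed in this thread, as an added example that is not part of the original messages: it reads RPM changelog text and reports which of a list of CVE IDs the changelog names. The function names and the sample changelog headers are constructed for illustration; only the two fix lines and the CVE IDs come from the thread.

```shell
#!/bin/sh
# Added example: check RPM changelog text for a list of CVE IDs.
# Feed it a real changelog with rpm's standard query options, e.g.
#   rpm -q --changelog httpd24-httpd | cve_coverage CVE-2016-0736 CVE-2016-8743
#   rpm -qp --changelog ./some-package.rpm | cve_coverage CVE-2016-0736

# Read changelog text on stdin; print "<CVE> listed|not-listed" per argument.
cve_coverage() {
    changelog=$(cat)
    for cve in "$@"; do
        # -F literal match, -i ignore case, -w whole token so that a
        # truncated ID such as CVE-2016-874 does not match CVE-2016-8743.
        if printf '%s\n' "$changelog" | grep -qiwF -- "$cve"; then
            printf '%s listed\n' "$cve"
        else
            printf '%s not-listed\n' "$cve"
        fi
    done
}

# Print only the IDs that the changelog never mentions.
missing_cves() {
    cve_coverage "$@" | awk '$2 == "not-listed" { print $1 }'
}

# Constructed sample input: the entry headers are placeholders, the two fix
# lines are the ones quoted in the message above.
sample_changelog() {
    cat <<'EOF'
* Fri Jan 01 2016 Packager <packager@example.com> - 0.0.0-2
- add security fix for CVE-2016-5387

* Fri Jan 01 2016 Packager <packager@example.com> - 0.0.0-1
- mod_ssl: add security fix for CVE-2016-4979
EOF
}

# Demo: the two CVEs found in the changelog plus the five asked about.
sample_changelog | cve_coverage \
    CVE-2016-5387 CVE-2016-4979 \
    CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 CVE-2016-1546 CVE-2016-8740
```

A `not-listed` result only means the changelog does not name the CVE; a rebase to a newer upstream release can carry a fix without a changelog line, so confirm against the vendor's advisory for that CVE.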