> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>: > > On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: >> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. >> >> Does the SIG has plans to update these rpms for EL6? >> >> [1] https://httpd.apache.org/security/vulnerabilities_24.html >> > > > https://access.redhat.com/security/cve/cve-2019-0211 > > That says SCLs are affected .. BUT .. they do not yet have a plan. The > SIG should buidl whatever Red Hat releases for httpd24 .. if they > release anything. Remember, EL6 is in Maintenance Support phase 2 (and > has been for almost 24 months).. that means what is specified here for > RHEL sources: > > https://access.redhat.com/support/policy/updates/errata > > Specifically: > > ""During the Maintenance Support 2 Phase, Critical impact Security > Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories > (RHBAs) may be released as they become available. Other errata > advisories may be delivered as appropriate. > New functionality and new hardware enablement are not planned for > availability in the Maintenance Support 2 Phase. Minor releases with > updated installation images may be made available in this Phase." > > So .. They may or may not release a security update after investigation. > It is time to plan your move from EL6 to EL7 ... Thanks for getting into this. Yep, its time to move on ... until this I will try to build a custom version. -- LF