> Am 08.04.2019 um 18:23 schrieb Leon Fauster <leonfauster at googlemail.com>: > > >> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>: >> >> On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: >>> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. >>> >>> Does the SIG has plans to update these rpms for EL6? >>> >>> [1] https://httpd.apache.org/security/vulnerabilities_24.html >>> >> >> >> https://access.redhat.com/security/cve/cve-2019-0211 >> >> That says SCLs are affected .. BUT .. they do not yet have a plan. The >> SIG should buidl whatever Red Hat releases for httpd24 .. if they >> release anything. Remember, EL6 is in Maintenance Support phase 2 (and >> has been for almost 24 months).. that means what is specified here for >> RHEL sources: >> >> https://access.redhat.com/support/policy/updates/errata >> >> Specifically: >> >> ""During the Maintenance Support 2 Phase, Critical impact Security >> Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories >> (RHBAs) may be released as they become available. Other errata >> advisories may be delivered as appropriate. >> New functionality and new hardware enablement are not planned for >> availability in the Maintenance Support 2 Phase. Minor releases with >> updated installation images may be made available in this Phase." >> >> So .. They may or may not release a security update after investigation. >> It is time to plan your move from EL6 to EL7 ... > > Thanks for getting into this. Yep, its time to move on ... until this > I will try to build a custom version. Seems to be addressed: https://access.redhat.com/errata/RHSA-2019:0746 -- LF