Perfect working together.
Patch is merged.
Indeed, we shouldn't ship a release that has any known vulnerabilities.
Best, -Michael
On Tue, 2017-09-19 at 19:23 +0200, Matthias Fischer wrote:
On 19.09.2017 17:14, Peter Müller wrote:
Hello,
a security issue has been found in Apache 2.4.27, which is at the moment scheduled for the "next" branch in IPFire.
It is a memory leak (called "optionsbleed"), more details are available here:
A patch has been published on Apache's SVN repository (but I am not sure how to add it to the LFS build file :-) ): https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=18...
Although IPFire is not vulnerable as far as I know, it might be good to deploy this. Affects the 2.2.x series, too.
Just in case anyone is interested.
Best regards, Peter Müller
I'll give it a try - Devel is running...
Best, Matthias