[Bug 551221] Re: consider a newer version of apache2 for lucid or backport some changes

Stefan Fritsch sf at sfritsch.de
Sun Apr 4 19:23:24 BST 2010


I am not sure how wise it is to make a release that is supported for 5
years and does not contain the fix for CVE-2009-3555 (unless you mean to
add it later). Clients may change their behaviour and refuse to connect
to insecure servers at some time in the future.

The "improved protection for vulnerable clients" I mentioned in my first
post is already in 2.2.14-5, so just ignore that.

The postrm hook is not urgent but may be required for the update to the
next LTS release. Maybe it would be enough to add it later in a point
release.


Disclaimer: I don't know much about the Ubuntu release process.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3555

-- 
consider a newer version of apache2 for lucid or backport some changes
https://bugs.launchpad.net/bugs/551221
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
