Ubuntu
apache2 package

CVE patch request

Bug #1956386 reported by Chris Newcomer
262
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Fix Released
High
Unassigned

Bug Description

This bug is a security vulnerability.

I'm reporting this list of CVEs escalated by AWS according to the CVE escalation policy.

They are requesting that CVE-2021-44224 and CVE-2021-44790 be reclassified as High as per the NVD rating. The spreadsheet with the official request is: https://docs.google.com/document/d/1ZhTGZIx-Ffnu8G2NyhGQ-cExKsmx1pl4NNR4Ubloh5I/

Thanks,
Chris

CVE References

Chris Newcomer (cnewcomer)
tags: added: community-security
Paride Legovini (paride)
information type: Public → Public Security
Revision history for this message
Paride Legovini (paride) wrote :

Hi Chris, as you say the Ubuntu security tracker lists those CVEs as fixed upstream, not yet fixed in Ubuntu, and having Medium priority:

  https://ubuntu.com/security/CVE-2021-44224
  https://ubuntu.com/security/CVE-2021-44790

I marked this bug report as Public Security and subscribed ubuntu-security.

Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Marking this as "Triaged" and raising the importance to "High".

Changed in apache2 (Ubuntu):
status: New → Triaged
importance: Undecided → High
Revision history for this message
Shaun Murphy (shoonmcgregor) wrote :

Updates for CVE-2021-44224 and CVE-2021-44790 have been released.

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

As mentioned by Shaun, the fixes for both CVEs already landed in the security pocket, marking this bug as Fix Released.

Changed in apache2 (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.