Bug 1305629
Summary: | httpd changelog typo relative to CVE-2014-0226 | |||
---|---|---|---|---|
Product: | [JBoss] JBoss Enterprise Web Server 2 | Reporter: | Dave Sullivan <dsulliva> | |
Component: | httpd | Assignee: | Coty Sutherland <csutherl> | |
Status: | CLOSED EOL | QA Contact: | Michal Karm Babacek <mbabacek> | |
Severity: | low | Docs Contact: | ||
Priority: | low | |||
Version: | 2.1.0 | CC: | csutherl, jclere, jdoyle, jpallich, pslavice, rsvoboda | |
Target Milestone: | DR01 | |||
Target Release: | 2.1.1 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1338666 (view as bug list) | Environment: | ||
Last Closed: | 2019-06-13 09:17:29 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1338666 |
Description
Dave Sullivan
2016-02-08 18:57:52 UTC
As can been seen from the changelog from the httpd from rhel-6-server-rpms channel ... * Thu Jul 17 2014 Jan Kaluza <jkaluza> - 2.2.15-38 - mod_cgid: add security fix for CVE-2014-0231 - mod_deflate: add security fix for CVE-2014-0118 - mod_status: add security fix for CVE-2014-0226 <----cve is correct here ... Not completely sure if the vulnerability scanner is looking at changelogs but is is failing, personally I think the scanner is failing for other reasons. But it doesn't help the cause when the typo is there in the changelogs. Besides the changelog, the patch has been named CVE-2014-0026.patch as well. I've fixed the name of the patch, the patching and the CL entry for the jb-eap-6.4-rhel-6 branch of httpd and jb-eap-6.4-rhel-6 branch of httpd22 in distgit so that any future builds will have the proper CVE number in there. Weinan, can you please take care of httpd rebuild when you have the new version ready for EWS 2.1.1? Thanks! |