IRC Logs

Time  Nick         Message
00:15 koha-jenkins Project Koha_21.11_D12 build #3: SUCCESS in 1 hr 0 min: https://jenkins.koha-community.org/job/Koha_21.11_D12/3/
00:24 koha-jenkins Project Koha_21.11_D10 build #4: STILL UNSTABLE in 1 hr 9 min: https://jenkins.koha-community.org/job/Koha_21.11_D10/4/
15:07 schnyd       test
15:14 eugene_      has anyone tried using newer version of apache2 other than what is given in sources? in debian 10, apache version is 2.4.38
15:16 eugene_      Please see: https://httpd.apache.org/security/vulnerabilities_24.html
15:19 tuxayo       eugene_: "other than what is given in sources" you mean the Debian 10 repos?
15:19 tuxayo       https://tracker.debian.org/pkg/apache2
15:20 tuxayo       oldstable: 2.4.38-3+deb10u5
15:20 tuxayo       https://metadata.ftp-master.debian.org/changelogs//main/a/apache2/apache2_2.4.38-3+deb10u6_changelog
15:21 tuxayo       Even though it's 2.4.38, the deb10u5 seems to be about the security patches that are backported by Debian packagers
15:24 eugene_      hmm so it is safe to say that 2.4.38 has the patch for the vulnerabilities I previously sent?
15:26 tuxayo       as for your question about using a newer version, in the environments running automated tests for Koha, on is using Debian 11 and apache 2.4.51 so Koha it should work on the latest apache
15:27 tuxayo       > has the patch for the vulnerabilities I previously sent?
15:27 tuxayo       I wouldn't worry about Debian.
15:29 eugene_      okay got this. thanks for the info! :)
15:29 tuxayo       It would be on Debian's side that you could check that. (chat, forums, mailing lists)
15:31 eugene_      :D
15:33 tuxayo       There is a mailing list for apache packaging and a question was asked about a sec patch.
15:33 tuxayo       https://lists.debian.org/debian-apache/2021/11/msg00250.html
15:34 tuxayo       This tool has been pointed
15:34 tuxayo       https://security-tracker.debian.org/tracker/CVE-2021-41524
15:38 eugene_      yay.. thanks a lot on this. :)
15:38 tuxayo       hum, after trying a few of the mentioned CVEs this one is marked as still affecting Debian 10
15:38 tuxayo       https://security-tracker.debian.org/tracker/CVE-2021-33193
15:38 tuxayo       I leave you the rest about digging or asking about this one :P