Update apache 2.4.57-2 to 2.4.58-1

[jeritiana]

Is there a timeline to update the used apache version from 2.4.57-2 to 2.4.58-1? The latest version fixes identified CVEs. Thanks

[tianon]

These are not (and are not likely to be; see <no-dsa> tags in the Debian Security Team notes) fixed in any stable release of Debian:

• https://security-tracker.debian.org/tracker/CVE-2023-31122
• https://security-tracker.debian.org/tracker/CVE-2023-43622
• https://security-tracker.debian.org/tracker/CVE-2023-45802

[tianon]

(See also https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves)

[duprasf]

I'm maintaining a site that needs to be PCI-DSS compliant and we need Apache 2.4.58 to be compliant. So an upgrade would be appreciated.

[tianon]

All available security updates from Debian are applied in our images (as noted and linked above), and I'm afraid there is not anything more we're going to do here.