> CVE-2015-3276 appears to be unfixed in 2.4.44, and from several
> attempts at finding the bug reported in your mailing list archive
> I came up empty. So ... The best I've found from this CVE is
> RedHat's bugzilla entry at
> which contains a (suggested) patch.
We can integrate a suggested fix if the patch author submits their
patch to our ITS directly. Due to IPR concerns we don't accept or act=
on 3rd party patch submissions.
Hm, ok. I've submitted an update to the above bug entry
petitioning for them to release the fix. We'll see if they act