> CVE-2015-3276 appears to be unfixed in 2.4.44, and from several > attempts at finding the bug reported in your mailing list archive > I came up empty. So ... The best I've found from this CVE is > RedHat's bugzilla entry at > > https://bugzilla.redhat.com/show_bug.cgi?id=3D1238322 > > which contains a (suggested) patch. We can integrate a suggested fix if the patch author submits their patch to our ITS directly. Due to IPR concerns we don't accept or act=

on 3rd party patch submissions.