Hello all, I have probably a 2 part question relating to a specific CVE and ongoing security patching. Feel free to tell me off if I’ve missed something in my research .
Regarding CVE-2022-22720, RedHat has patched this vulnerability through backporting (httpd-2.4.37-43.module+el8.5.0+14530+6f259f31.3.x86_64.rpm -Red Hat Customer Portal - Access to 24x7 support and knowledge) and it looks like Rocky’s latest backported 2.4.37 is 43.module+el8.5.0+747+83fae388.3. As the priority and severity of this is high, when can we expect a corresponding release (I don’t know if Rocky keeps the same number scheme if if it would be 14530) of Apache?
In relation to ongoing CVE’s and bug tracking, I know Rocky has errata (https://errata.rockylinux.org/) but is there a bugzilla 'esque location where the community might be able to check a CVE’s release roadmap?