Comment 9 for bug 1197884

Nestor Urquiza (nestoru) wrote :

I thought this request fell under the below wording in https://wiki.ubuntu.com/StableReleaseUpdates :

<quote>
Stable release updates will, in general, only be issued in order to fix high-impact bugs. Examples of such bugs include:

Bugs which may, under realistic circumstances, directly cause a security vulnerability. These are done by the security team and are documented at SecurityTeam/UpdateProcedures.
...
</quote>
I believe this threat is very realistic ( http://blog.ivanristic.com/2013/06/ssl-labs-deploying-forward-secrecy.html ). I guess the metrics to determine what warrants an exception are up to you for sure, but as far as I can tell the privacy cost of this vulnerability justifies the upgrade for apache servers *only*, or the usage of a PPA like https://launchpad.net/~derek-morton/+archive/apache-2.4 if you decide to trust it, or simply building apache 2.4 from scratch. If the server is not running apache, clearly there is nothing to be worried about.

Thanks for the statement because at least the wait is over.

Best,
- Nestor