|
Message-ID: <CAKQ1sVP9YFXTvqqfHDSpGDv=552iL48xdDtQyqV7-MAVg4jWCA@mail.gmail.com> Date: Fri, 8 Oct 2021 23:59:03 +0200 From: Yann Ylavic <ylavic.dev@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) On Fri, Oct 8, 2021 at 11:46 PM Solar Designer <solar@...nwall.com> wrote: > > On Fri, Oct 08, 2021 at 11:27:37PM +0200, Yann Ylavic wrote: > > For completeness I'll add this tweet/blog from Stefan (OP) about the > > vulnerability and the fixes in httpd: > > https://twitter.com/icing/status/1446504661448593408 > > Thanks, but you just did that again... For completeness, let's have the > actual content on the list, not only links to content. > > That tweet above refers to "Apache httpd 2.4.50 post mortem" at: > > https://github.com/icing/blog/blob/main/httpd-2.4.50.md > > I'm attaching the httpd-2.4.50.md file above to this message. > > This way, historians will be able to make full sense of the thread in > here even after Twitter and GitHub are gone. ;-) Noted, thanks for correcting me (again). Regards; Yann.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.