Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKQ1sVP9YFXTvqqfHDSpGDv=552iL48xdDtQyqV7-MAVg4jWCA@mail.gmail.com>
Date: Fri, 8 Oct 2021 23:59:03 +0200
From: Yann Ylavic <ylavic.dev@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2021-42013: Path Traversal and Remote Code
 Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

On Fri, Oct 8, 2021 at 11:46 PM Solar Designer <solar@...nwall.com> wrote:
>
> On Fri, Oct 08, 2021 at 11:27:37PM +0200, Yann Ylavic wrote:
> > For completeness I'll add this tweet/blog from Stefan (OP) about the
> > vulnerability and the fixes in httpd:
> > https://twitter.com/icing/status/1446504661448593408
>
> Thanks, but you just did that again...  For completeness, let's have the
> actual content on the list, not only links to content.
>
> That tweet above refers to "Apache httpd 2.4.50 post mortem" at:
>
> https://github.com/icing/blog/blob/main/httpd-2.4.50.md
>
> I'm attaching the httpd-2.4.50.md file above to this message.
>
> This way, historians will be able to make full sense of the thread in
> here even after Twitter and GitHub are gone. ;-)

Noted, thanks for correcting me (again).

Regards;
Yann.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.