From:	"Paul Smedley" <ecs-isp@2rosenthals.com>
Subject:	Re: [eCS-ISP] Apache update needed new CVE's reported.
Date:	Wed, 29 Dec 2021 09:29:13 +1030
To:	eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hi Roderick, On 29/12/21 09:24, Roderick Klein wrote: https://httpd.apache.org/security/vulnerabilities_24.html Two new CVE reports for version 2.4.51. A new version 2.4.52 has been released to address these issue's ? Paul could you compile a new version of Apache ? My personal opinion is that these are almost no risk for OS/2 - we don't have mod_lua, so that rules out CVE-2021-44790; and CVE-2021-44224 is only for a specific use case (forward proxy configurations). Having said that, I posted a link to 2.4.52 in the apache2 ml last night. https://smedley.id.au/tmp/httpd-2.4.52-os2-20211228-debug.zip Cheers, Paul

: , , .