Archivovaná správa #373 diskusnej skupiny ecs-isp@2rosenthals.com

Od: "Steven Levine" <ecs-isp@2rosenthals.com> Celá hlavi?ka
Nedekódovaná správa
Hlavi?ka: Re: [eCS-ISP] Apache update needed new CVE's reported.
Dátum: Tue, 28 Dec 2021 19:32:14 -0800
Komu: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-2901837@2rosenthals.com>, on 12/29/21
   at 09:29 AM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:

Hi Paul,

>My personal opinion  is that these are almost no risk for OS/2 - we
>don't have mod_lua, so  that rules out CVE-2021-44790; and
>CVE-2021-44224 is only for a specific use case (forward proxy
>configurations).

FWIW, I came to the same conclusion when I first read the CVEs.  They were
not sufficiently interesting to be worth discussing on the apache list.

Now, the Log4J CVE, even though it doesn't affect our platform, is more
than a litte interesting.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------


Prihlási?: Nap??a?, Súhrn, Index.
Odhlási?
Mail na ListMastera