Re: [eCS-ISP] Apache update needed new CVE's reported.
Tue, 28 Dec 2021 19:32:14 -0800
"eCS ISP Mailing List" <firstname.lastname@example.org>
In <email@example.com>, on 12/29/21
at 09:29 AM, "Paul Smedley" <firstname.lastname@example.org> said:
>My personal opinion is that these are almost no risk for OS/2 - we
>don't have mod_lua, so that rules out CVE-2021-44790; and
>CVE-2021-44224 is only for a specific use case (forward proxy
FWIW, I came to the same conclusion when I first read the CVEs. They were
not sufficiently interesting to be worth discussing on the apache list.
Now, the Log4J CVE, even though it doesn't affect our platform, is more
than a litte interesting.