Archived message #374 of the ecs-isp@2rosenthals.com discussion list

From: "Paul Smedley" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] Apache update needed new CVE's reported.
Date: Wed, 29 Dec 2021 15:18:48 +1030
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hey Steven,

On 29/12/21 14:02, Steven Levine wrote:
> In <list-2901837@2rosenthals.com>, on 12/29/21
>     at 09:29 AM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:
>
> Hi Paul,
>
>> My personal opinion is that these are almost no risk for OS/2 - we
>> don't have mod_lua, so that rules out CVE-2021-44790; and
>> CVE-2021-44224 is only for a specific use case (forward proxy
>> configurations).
>
> FWIW, I came to the same conclusion when I first read the CVEs.  They were
> not sufficiently interesting to be worth discussing on the apache list.

Yep - I only really bothered updating the code to avoid any confusion over the 'downloading large files' bug and which date httpd.dll was in use.

> Now, the Log4J CVE, even though it doesn't affect our platform, is more
> than a little interesting.

Absolutely! The only thing I have here using log4j is Openhab and that has already been patched, plus it isn't directly accessible to the internet anyway.

Cheers,

Paul
