Date: Fri, 8 Oct 2021 23:44:15 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) On Fri, Oct 08, 2021 at 11:27:37PM +0200, Yann Ylavic wrote: > For completeness I'll add this tweet/blog from Stefan (OP) about the > vulnerability and the fixes in httpd: > https://twitter.com/icing/status/1446504661448593408 Thanks, but you just did that again... For completeness, let's have the actual content on the list, not only links to content. That tweet above refers to "Apache httpd 2.4.50 post mortem" at: https://github.com/icing/blog/blob/main/httpd-2.4.50.md I'm attaching the httpd-2.4.50.md file above to this message. This way, historians will be able to make full sense of the thread in here even after Twitter and GitHub are gone. ;-) Alexander View attachment "httpd-2.4.50.md" of type "text/plain" (12917 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.