Control: tags -1 + confirmed On Thu, 2024-07-18 at 09:39 +0400, Yadd wrote: > [ Reason ] > Apache2 was updated to 2.4.61 due to 8 CVEs. However "a partial fix > for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores > some use of the legacy content-type based configuration of handlers. > "AddType" and similar configuration, under some circumstances where > files are requested indirectly, result in source code disclosure of > local content. For example, PHP scripts may > be served instead of interpreted". > > It's difficult to find in upstream commits what are "under some > circumstances" neither in upstream explanations.
Please go ahead. Regards, Adam
