From nobody Fri Jun 10 13:20:01 2022 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 5C91085F6A9 for ; Fri, 10 Jun 2022 13:20:09 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl0gcc02on2055.outbound.protection.outlook.com [40.107.89.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LKM5N3tNCz3GbK for ; Fri, 10 Jun 2022 13:20:08 +0000 (UTC) (envelope-from stephen.wall@redcom.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WDok5WRgIy6Yq+gxaGs92JT+XvpcuTbET3lZ+JKXU3sfaT1f0StxY+45oxtUovOYIIu720kc/e5ab/XOef5YXJFIm/C5ys+YxSp852N8s0cPU77fdrXuJ1GwTzL014PgkxlCwHAC2aEIc2p+Bz1/HrfE5ycSjFAUotmLHGzP3I6MWm4jFsd7t9Fnm5oxGEyA3CVLfFiu73oBWv5SKXD2AjD90+PjvFTu3xjihvZK08jNjExSdD+J1Vem1TeC5ZpI/oJu0rIEJvoUt3TWmgVX6V0aGxU6ONA4z0ja3WesIImRIM+8O2Ad0cyk6jGhbIoTzQEM/cfTyFwMXz2XtEkzbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sk0Bdb5dAj4gH7dMDbTlhcI4KoTd19MemMVsc32mt4s=; b=jBo60PfrCVNxRyGxcLBM0mJBJhUEPM5ho5INWBgiDmxETZLwnG/CFgDReESaI4+MSb9WgY1vd25RfS3N6NE+GOgQ47JB4ZecsziOnxcm5fPsjw3OZDtt5GCwjxVQabCajN8HLSXiBajkw/ya1gN0IbGi/SEWA+z3x43I/ZtfZUHDMb43X1nbQUoJcJtAAeuOIN5q//sssh3EVlkpjKauXktxFC4pDg0b7v3Uq8glaCMj5EXXo6rROy7m+AJg/o5lZBicOj9gEdC+55yB9KI8t8TozjDpACZMFvYt5Gu4k4WROtD44CUJQWt2SCbmPls2e2QOSaymtp4po1tg8hWY1Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=redcom.com; dmarc=pass action=none header.from=redcom.com; dkim=pass header.d=redcom.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redcomlaboratories.onmicrosoft.com; s=selector1-redcomlaboratories-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sk0Bdb5dAj4gH7dMDbTlhcI4KoTd19MemMVsc32mt4s=; b=EaJUyOOCXNUMwdErY9qiX6kw4/xcwnd1TgOBd1YAX6rcE2fHFLYFlcahTdbZlXHpNRAsTPaaxoiPcCrfEW4Xrhowp+E4Ldl45+/akPuM4dPFe1+id7rQsSLBXQqJ/b+GwsrEOdu7DkX+LWAkNEPYkKnbd5yvkxETBUY9q9ICM6Pj5IIkn2W7C9br/XwskffvVhXDFJuxBx23eY5EVkpRc95yYiXDgnJhMbSHZPqanOpSPAICJKwYQXx8C+dp7ifJ4FwnAjs1wJcggw0ZlaK8vJffbPplcN+ajxoILrgDfhpuuVf0j6kNMOu9Rd3WE/s3VoJC15fjezoex/1Iku1bsg== Received: from MN2PR09MB4667.namprd09.prod.outlook.com (2603:10b6:208:216::16) by BLAPR09MB6532.namprd09.prod.outlook.com (2603:10b6:208:2a6::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.13; Fri, 10 Jun 2022 13:20:01 +0000 Received: from MN2PR09MB4667.namprd09.prod.outlook.com ([fe80::1ca4:ca52:3d0c:e474]) by MN2PR09MB4667.namprd09.prod.outlook.com ([fe80::1ca4:ca52:3d0c:e474%7]) with mapi id 15.20.5332.014; Fri, 10 Jun 2022 13:20:01 +0000 From: "Wall, Stephen" To: Masachika ISHIZUKA , "freebsd-security@freebsd.org" Subject: RE: Is apache24-2.4.54 vulnerable ? Thread-Topic: Is apache24-2.4.54 vulnerable ? Thread-Index: AQHYfFbzQK77xHL2AkGVdWaRvSZaRK1Hvx6AgAARkQCAAM/1UA== Date: Fri, 10 Jun 2022 13:20:01 +0000 Message-ID: References: <20220610.081507.1134393150579572029.ish@amail.plala.or.jp> <20220610.085155.1636577084047793852.moto@kawasaki3.org> <20220610.095448.1735421952196505841.ish@amail.plala.or.jp> In-Reply-To: <20220610.095448.1735421952196505841.ish@amail.plala.or.jp> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1bb789f4-7ddf-4e60-c359-08da4ae3ec96 x-ms-traffictypediagnostic: BLAPR09MB6532:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: lYe7dJ7cc4rSqpPRApN8gTUU7DrS74za7IXhMbrh83FsXP1sH4TEsbckVdgmQpbFCzGm60y9sFWKSnYj3z5ifUDzTY7fCykggXBIYGUTDvHeDTSNTuNxtE0f31tD2oMX0ZmiFsHLjUEd7qBTeCQADcOv+tsm3n+h+JfHROP7sS12vAxpn/96OabmP2fLRvmt1jTBtkIiS2CclQVapXQOQeBr3GqPmxXPlhRQof9TMP0nodWideUC8NHbpV0Si1WMtPsADMHvc+4qfg78j/pyjA7CjplPhu0AdLnb8Bgu9gaPEd39YHdxlrsuM0USAOqafH31+g4I7AmkMXJR1zLWPl+ROlHVEcJskien3z+RlbnVpvViqE5e6isfNtFr0tWIuEpdFNR9ujmxkp8DYHZCjYXorXFxFMsjGRaLy157kwLaE5O4LyS1hhfiel4xaq2lTpw1vxUPvFSpYDUN6OySbGQyXyDmlFQpITUyuTB9TNbLyzxuL9qErylILBKDB2/i2/S4U/8EIP/Wj+Be+tBnj6h+UjnQJDn9yPo9IWa59XPc5c7/CLSVDCUXH0ht9bhYSA2U4cQaLAK7Dyhao9QWWrQeONLj5GaNnjf9rqNLjHEDDr7Dzqve7CUqmn7ZeGm/0VVrJ/LG55kX+rdqwXe1lfPh0qHcFsO9BarVYClRp6kqnIkvPN48AC4i4r0JIM0ErIK586sb98aKlwda7HnVBw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN2PR09MB4667.namprd09.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(558084003)(110136005)(71200400001)(38100700002)(86362001)(8936002)(5660300002)(76116006)(508600001)(316002)(8676002)(52536014)(66946007)(26005)(186003)(55016003)(2906002)(38070700005)(33656002)(6506007)(7696005)(64756008)(122000001)(9686003)(66446008)(66476007)(66556008);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?cHl3Q2NOaE8wbXk2SUhLa3ZwaWJWVXpmY3R3dFgwN1JNNWlOcWlnMmQrbmRG?= =?utf-8?B?Nm15K29EZVRkdlgyK1lVZ1BJZ1gzVDRlVE1TMmd1M09TbndKRTV6V3lRRDdn?= =?utf-8?B?d1Z3V1BEMDJ2TG9kMndFQ2Z6dGpoZTFseGtkWFVYcThGMk16YkltbW9mcGxD?= =?utf-8?B?MWtNaXBxL2dqd1YrMnI3YTNVMGhlUTVTV3Vnb09UTDFkeEE4OVZ4WnFNWk9H?= =?utf-8?B?WkJtY1RyVW42cEhOME1XSGx2QTltY3FJcFdZQ3lybUNuRGlrb3luU0lYblRE?= =?utf-8?B?TFBVQURXeFRhNjBNZ0JTRE9SVTR6UmgraHd0VzFGNUVvTE1tVnZyaFZRQVdW?= =?utf-8?B?S08wTDdEZ2JRdjJMamdMY0xvNFk4ZHBvenllSUJSVUpaTTNrT3FkZVdDNWI5?= =?utf-8?B?OCt0elQwNkpXRUdkblBVcHYyQlpRYWtmYmtPcEFrd2pFMi83NjAwcnl3cHNn?= =?utf-8?B?TVlqQjBqeHo2Ty9iVks1N3IrL291T3pPTEgvT2FrVWVIUlBWS0FpdUVhcmJZ?= =?utf-8?B?TUs4VWV3b2x2akxLZU1CM3p4VDNZZ29VdmZ5YjgrRnNWTTNkU2YySFpSUG5N?= =?utf-8?B?UUs3Sm02TS9PckFHZGhPcGpMeWgwaUlYSjVCWW9KVlI4YmlRVm9LWE5lb3VX?= =?utf-8?B?QVFyaWp5bEpjek9ydEdzOUJ2TlJMYzhuMlhEUEJqUGMzRTcxYkhROEpodUFP?= =?utf-8?B?OGsxRWJJNXNyQWRSclRZcUUvYXhBVHhYTDg5cGZuTFIrR3p5TG9ZZ1g4aWJE?= =?utf-8?B?OFJpdkJTM1RjWXlkZDlJSXJuOFBPdEdNQm1YVnJXVTNMSWNkQW9qaWt4YnNa?= =?utf-8?B?a2R2UTdmMkZnWEVGSU9WVmtSZFh4SUpwY1NqN2RYWGhub1Fxa25KQ1lKMmsy?= =?utf-8?B?aDJNRldmY1J1VmhLYUM0cURZZXUrbWF3S3AzL1kwSlJCcDBsb0NNTVNyUHZP?= =?utf-8?B?OFIrMEc2OEM4SEZqZm9NY25oM3NmbGN3VVF5SFRVUDVqcVZ6WXRqREdta2dF?= =?utf-8?B?WUIxY04xNkJiMUczVTg2RnREOGtBSDR2SmVMUldKL2oydU5vN0NHZnRWQ1Ax?= =?utf-8?B?ejJHSEN2WHFoTWxuTWZhb0NRQkFGZlovM0pGTktLM2oyRUVMQUwzSXRNNFpk?= =?utf-8?B?TVMyZjVPQ1g2dEtVNmFkbFFPSkhpd1hyUXVIMU40RnFLN2JIaFcvTTVkd2V0?= =?utf-8?B?ZzFZUFMwcndLck0wZVFFbGhWc2ZmU29HQUJvNWJBbGFscHNPMFJyZmViY1NN?= =?utf-8?B?TGFXNGZzZ0huYlFHN2xUc25YUTJyUVl3MkZTMUJIVEVCZDlheDMzVStpZ0ll?= =?utf-8?B?Q1pqbWVzd2Fuem0xY2N0blBhZTlPOUNFMUozOER6Z2dIOGhKdXVKWS95M2xv?= =?utf-8?B?aVY4ejdsZDRCWGplTExGOXRpUElZWnUzcVd0RmFwU2JtQkp0L3RoV1BZem1W?= =?utf-8?B?dXdmRmpPV2hIeXlZVlZLYjNwUGg1czl4c0xFNmR0eXRCQVU3YkwrUG5zYkdI?= =?utf-8?B?UzJ5YjM4b1ltMVB1cHVDN252T29IY2h1bXZOYlY1ZFl2aWU4Y3ArOXE1bmZP?= =?utf-8?B?MEoydzgvdnhKZDlYTXkwVkxyT0hHU1dydzlGdk5EKytqc3hKYzhKRC9RYU5q?= =?utf-8?B?bGdnRUZyU285dDAyMkgxUGdGbmlyRFpYai8zbkhhaVA3RDhCWHE1cmxhNEVI?= =?utf-8?B?b29nMVlpSE9yTTEzN0pSbUVCVW9XRitqYmMxaWMyRjkwL2hIb09HcXNZZ2xD?= =?utf-8?B?T0YySWhCSjFHL2dqSkZlMkV4aHRmSlZoUXo4bUZsQW9ScVluVGFMTTNpNGV5?= =?utf-8?B?NUxuWFE4b0RDQmNpaHFyRVFhTlFZK0V4bGxDaHlqVUNMM2pRemc0SElKRjRR?= =?utf-8?B?YXdEQzlia05IbHNFQm9SaXFNVXljT2lnRE9sUGlFMHNkOWNlbzNyRWRuOWpj?= =?utf-8?B?V2hoUW5tdTBCQkp6dGVYWjNzSm9QeElQMytqVzQ4MmRjL3pxWWpaMGM2dXp4?= =?utf-8?B?WWxoWXV3c1o5ME9sOGNYRDRRRDY0SCt0SUpkY1BqQWRsZFovdDVYV2grVTBy?= =?utf-8?B?Q3l5cit2aVJKNGFDelBkb21IVE81Z3lJblovSGFDN1cxK21MMmZITjN5c0Mx?= =?utf-8?B?a3ZhR0MxZC8rZS9HSUsycWRNTEVjbWNiRlZOMUNqeWRZdnRZYUlqNjlyUlBN?= =?utf-8?B?TWZPZTJCbDBxSUlTSHpZVHl3cElLS2xMNVBhazJQVlIzc0loakRvenhjRVVY?= =?utf-8?B?Y29xalZNNldHMlNqNzhZdzJrMTZEZXpsRzVuTFNYZG1VL2haMTRUMlNYUDdK?= =?utf-8?Q?YswA6uzQvhwn3aP1PU?= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 X-OriginatorOrg: redcom.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN2PR09MB4667.namprd09.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1bb789f4-7ddf-4e60-c359-08da4ae3ec96 X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jun 2022 13:20:01.3212 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 86200ba5-6348-4d6f-bdd7-96f43e8d9247 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLAPR09MB6532 X-Rspamd-Queue-Id: 4LKM5N3tNCz3GbK X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=redcomlaboratories.onmicrosoft.com header.s=selector1-redcomlaboratories-onmicrosoft-com header.b=EaJUyOOC; arc=pass ("microsoft.com:s=arcselector9901:i=1"); dmarc=none; spf=pass (mx1.freebsd.org: domain of stephen.wall@redcom.com designates 40.107.89.55 as permitted sender) smtp.mailfrom=stephen.wall@redcom.com X-Spamd-Result: default: False [-0.72 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[redcomlaboratories.onmicrosoft.com:s=selector1-redcomlaboratories-onmicrosoft-com]; RWL_MAILSPIKE_POSSIBLE(0.00)[40.107.89.55:from]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:40.107.0.0/16]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[redcom.com]; MIME_BASE64_TEXT_BOGUS(1.00)[]; NEURAL_SPAM_SHORT(0.68)[0.677]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[redcomlaboratories.onmicrosoft.com:+]; MIME_BASE64_TEXT(0.10)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[40.107.89.55:from]; MLMMJ_DEST(0.00)[freebsd-security]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:8075, ipnet:40.104.0.0/14, country:US]; RCVD_TLS_LAST(0.00)[]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1] X-ThisMailContainsUnwantedMimeParts: N PiB2dWxuLTIwMjIueG1sOg0KPiAgIDxhZmZlY3RzPg0KPiAgICAgPHBhY2thZ2U+DQo+ICAgICA8 bmFtZT5hcGFjaGUyNDwvbmFtZT4NCj4gICAgIDxyYW5nZT48bHQ+Mi41LjU0PC9sdD48L3Jhbmdl PiAgIDwtLS0tLS0tIDIuNC41NCA/Pz8NCj4gICAgIDwvcGFja2FnZT4gfn5+fn5+DQo+ICAgPC9h ZmZlY3RzPg0KPiAtLQ0KPiBNYXNhY2hpa2EgSVNISVpVS0ENCg0KYDxsdD5gIGluZGljYXRlcyBp dCBhZmZlY3RzIHZlcnNpb25zIGxlc3MgdGhhbiAyLjUuNTQuDQoNCg0KLXNwdw0K