Control: tags -1 + confirmed On Thu, 2024-08-15 at 05:19 +0400, Yadd wrote: > Same as #1076531 but for Bullseye > > [ Reason ] > Apache2 was updated to 2.4.61 due to 8 CVEs. However "a partial fix > for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores > some use of the legacy content-type based configuration of handlers. > "AddType" and similar configuration, under some circumstances where > files are requested indirectly, result in source code disclosure of > local content. For example, PHP scripts may be served instead of > interpreted".
Please go ahead. Regards, Adam
