On Wed, Mar 08, 2023 at 07:09:20AM +0400, Yadd wrote:
> On 3/7/23 23:46, Salvatore Bonaccorso wrote:
> > Source: apache2
> > Version: 2.4.55-1
> > Severity: grave
> > Tags: security upstream
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> > <t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerabilities were published for apache2.
> >
> > CVE-2023-25690[0]:
> >
> > CVE-2023-27522[1]:
>
> Hi,
>
> here is the debdiff for Bullseye
I'm fine with a DSA, but we've seen a fair amount of regressions in 2.4.x
releases,
so let's wait a few days for regressions reported in sid (and Ondreys PHP repo).
You can already upload the new version, though (we can reject/reupload if
needed).
Cheers,
Moritz
