On 4/5/24 15:58, Moritz Muehlenhoff wrote:
On Fri, Apr 05, 2024 at 08:16:43AM +0400, Yadd wrote:
On 4/4/24 22:51, Moritz Mühlenhoff wrote:
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4
CVE-2024-24795[1]:
https://www.openwall.com/lists/oss-security/2024/04/04/5
CVE-2023-38709[2]:
https://www.openwall.com/lists/oss-security/2024/04/04/3
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-27316
[1] https://security-tracker.debian.org/tracker/CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2024-24795
[2] https://security-tracker.debian.org/tracker/CVE-2023-38709
https://www.cve.org/CVERecord?id=CVE-2023-38709
Please adjust the affected versions in the BTS as needed.
Hi,
I'm ready to push 2.4.59 into bookworm-security. Note that this includes a
test-framework update
Target distribution needs to be bookworm-security, with that please upload.
Can you also preparea the equivalent change for bullseye-security?
The uploads can already happen, but let's keep the update unreleased until
next week, then we can look for regressions reported in unstable (and check
with Ondrej if we received reports based on his repo)
Cheers,
Moritz
Both Bullseye and Bookworm uploaded. Bullseye version embeds also a
copyright fix
