Your message dated Wed, 03 Jun 2026 16:49:10 +0000
with message-id <[email protected]>
and subject line Bug#1135096: fixed in apache2 2.4.67-2
has caused the Debian Bug report #1135096,
regarding apache2.NEWS contains incorrect example command: sudo systemctl edit
apache2.services
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1135096: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135096
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apache2
Version: 2.4.66-8
Severity: minor
Hi,
The debian/apache2.NEWS file in the debian source package (entry for
2.4.65-4) contains:
If you need to override these defaults, you can do
so by running:
"sudo systemctl edit apache2.services" or
"sudo systemctl edit [email protected]".
HOwever, these commands are incorrect: "services" should be "service" in
both commands. Running the commands as-is produces:
❯ sudo systemctl edit apache2.services
No files found for apache2.services.service.
Run 'systemctl edit --force --full apache2.services.service' to create
a new unit.
Maybe good to retroactively fix this entry for anyone that will still
encounter this news entry during upgrades?
Gr.
Matthijs
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.67-2
Done: Bastien Roucariès <[email protected]>
We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated apache2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 May 2026 18:39:07 +0200
Source: apache2
Architecture: source
Version: 2.4.67-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1135096
Changes:
apache2 (2.4.67-2) unstable; urgency=medium
.
* Fix a typo in NEWS file (Closes: #1135096)
* Fix CVE-2026-49975 (HTTP/2 Bomb)
The bomb targets HPACK, HTTP/2's header compression
scheme: one byte on the wire becomes one full header
allocation on the server, repeated thousands of times
per request. The hold is a zero-byte flow-control
window that keeps the server from ever freeing any of it.
Checksums-Sha1:
73a8aeada189d35106e1c5c79fe4ae7b42df9cb7 3680 apache2_2.4.67-2.dsc
46e72f3395f75d49d6c8ab20c31521bf1a3d8107 9714011 apache2_2.4.67.orig.tar.gz
837c2618ed0b131cdab25466f45bceb7fb73c291 870 apache2_2.4.67.orig.tar.gz.asc
85f9daed138e380b52b47ad0aa89144b78d0ef81 833504 apache2_2.4.67-2.debian.tar.xz
764247bfd950a12fa87a02172f9e155ca1ed1099 5778 apache2_2.4.67-2_source.buildinfo
Checksums-Sha256:
445ddd95bfe20cfc40b03382e45f6a5065a9929342eeeaa1fa138b4ac3d6a814 3680
apache2_2.4.67-2.dsc
10a578d199c3930250534fac629995f34ef7571709a7c88c45239e1fdc88cf77 9714011
apache2_2.4.67.orig.tar.gz
d8a6e18c2f892aa901121d14852717bddf42e430b0f48f853a4effce7b89f348 870
apache2_2.4.67.orig.tar.gz.asc
b3d6cc0cb511afb5fa6c4a03d091e124d926363cd50d2bad3e8b21c4456353d2 833504
apache2_2.4.67-2.debian.tar.xz
cfa467e6641b3772f07304e6d59c2f0bbed747d600d7a2d1eeaff614a5c94d06 5778
apache2_2.4.67-2_source.buildinfo
Files:
1e2402f59a4837d1f6de58d048b0e8bb 3680 httpd optional apache2_2.4.67-2.dsc
cf51fc1963b35360240f4225c2921d4b 9714011 httpd optional
apache2_2.4.67.orig.tar.gz
8831f0957bcf06bb810d7def20d5d790 870 httpd optional
apache2_2.4.67.orig.tar.gz.asc
f53a150f1e77bd828c829f303e2cf77e 833504 httpd optional
apache2_2.4.67-2.debian.tar.xz
cf1dabc6655cbde5e2f039e5b70f927d 5778 httpd optional
apache2_2.4.67-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJqIFd0CRAAOhotqkEIX0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmcuaUYTwnMuZ2NISiUNew1XpUw+5+np6+YCv2PRghlt
5BYhBF0Bh7lAokW617D1agA6Gi2qQQhfAADFfQ//S4MF8T8D103yoLzAXMrxZqXK
yVYgIyoDRieyTvMLqmQs8N+0c/zGi+G5NWY3QKgyZyPFdzwb9LW4GTUlCOar4p4F
qn52ljztLOhtpqPqiKYSkQ7yY0oeJp8gKUjgMGJGk6co3mUFMj7jEFSVIifeYPAy
z/BvP+pzvjeh1qjdr+d/eoDrLUQwhy+YhRJH8I48n3DHW/UBGWBj80NmQAKEkBR1
NkE6mXB9rPZGDic4EMh8ZAIJ2QI3rgkWBhKlDezMwSdsQ9WZzdnfAPGCvKH0DeXk
5wrEQl2Gre84c2MGmklwtdGyRj0hiuWw1n1CdmBKDkrOHTpt4VfEGzIEvbPUvGiD
Bc5q0KHhNQevfm2AsSw6Uz5JLt/wYCxiEK57gk8t5Fc2slXvJE8AOsDCiTU345ch
iECPGl0UmVeZv9pWcZrxi8+b7q7EEe7IGAhH+vi4OGY31rYPkWNaIx8mUCIG76aV
9iqM6zwxwuOSFzQ7vutugFfesmjdwZMHCx8Q3XLbUzgHshuIGMuZjAwpsV9PZNTB
P9RVIWFBgWqeqObnksB7WuYmYzZr5B8Ex7yy6N6tIBs7Ntj90UecULcUiGAzYN1A
eB9S2tWJLjfYu0XKF8uKZP3nOzU88TSdO0SbL4X7fcdI0QiDN4SJ+oW0N/mTCsvG
IZhAU8kn4rAUiPCzSsk=
=TWvq
-----END PGP SIGNATURE-----
pgp1x8GXkR54P.pgp
Description: PGP signature
--- End Message ---
