On Wed, Mar 08, 2023 at 07:09:20AM +0400, Yadd wrote: > On 3/7/23 23:46, Salvatore Bonaccorso wrote: > > Source: apache2 > > Version: 2.4.55-1 > > Severity: grave > > Tags: security upstream > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > <t...@security.debian.org> > > > > Hi, > > > > The following vulnerabilities were published for apache2. > > > > CVE-2023-25690[0]: > > > > CVE-2023-27522[1]: > > Hi, > > here is the debdiff for Bullseye
I'm fine with a DSA, but we've seen a fair amount of regressions in 2.4.x releases, so let's wait a few days for regressions reported in sid (and Ondreys PHP repo). You can already upload the new version, though (we can reject/reupload if needed). Cheers, Moritz