Accepted apache2 2.4.67-1~deb13u3 (source) into proposed-updates

Mon, 08 Jun 2026 13:20:20 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2026 12:55:53 +0200
Source: apache2
Architecture: source
Version: 2.4.67-1~deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Apache Maintainers <[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Changes:
 apache2 (2.4.67-1~deb13u3) trixie-security; urgency=medium
 .
   * Fix CVE-2026-49975 (HTTP/2 Bomb)
     The bomb targets HPACK, HTTP/2's header compression
     scheme: one byte on the wire becomes one full header
     allocation on the server, repeated thousands of times
     per request. The hold is a zero-byte flow-control
     window that keeps the server from ever freeing any of it.
Checksums-Sha1:
 dbe7dcd08b5a69ad4b8a73e74f5edd39bcc152b5 3526 apache2_2.4.67-1~deb13u3.dsc
 46e72f3395f75d49d6c8ab20c31521bf1a3d8107 9714011 apache2_2.4.67.orig.tar.gz
 837c2618ed0b131cdab25466f45bceb7fb73c291 870 apache2_2.4.67.orig.tar.gz.asc
 e108587c5a4f5d41f502d1422f7ac29640f78ccb 828724 
apache2_2.4.67-1~deb13u3.debian.tar.xz
 72aa52d1a9ed326bb4ae2319a71814d39743cc58 5712 
apache2_2.4.67-1~deb13u3_source.buildinfo
Checksums-Sha256:
 433f50fca7e2d3e0f2a340d3376e14ae16d8bf216e11f40d064642974f77de73 3526 
apache2_2.4.67-1~deb13u3.dsc
 10a578d199c3930250534fac629995f34ef7571709a7c88c45239e1fdc88cf77 9714011 
apache2_2.4.67.orig.tar.gz
 d8a6e18c2f892aa901121d14852717bddf42e430b0f48f853a4effce7b89f348 870 
apache2_2.4.67.orig.tar.gz.asc
 40836c7da438b3a7cf8a600fac8baa842cfd4edd43b11934e2a2f2ba4f8a1ab1 828724 
apache2_2.4.67-1~deb13u3.debian.tar.xz
 dbc7475baf2658997e88528cdf2be649d34c624a547ebb6ac3b847ed17f9f84c 5712 
apache2_2.4.67-1~deb13u3_source.buildinfo
Files:
 6130552746fa8dbe90c881da9223edc1 3526 httpd optional 
apache2_2.4.67-1~deb13u3.dsc
 cf51fc1963b35360240f4225c2921d4b 9714011 httpd optional 
apache2_2.4.67.orig.tar.gz
 8831f0957bcf06bb810d7def20d5d790 870 httpd optional 
apache2_2.4.67.orig.tar.gz.asc
 1f4e87334ea2de1f1bc1834a3835dbb8 828724 httpd optional 
apache2_2.4.67-1~deb13u3.debian.tar.xz
 ff643df869272a5463a9ae004b63a462 5712 httpd optional 
apache2_2.4.67-1~deb13u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmokGocACgkQADoaLapB
CF+i0BAAgjod9sl8wwfP2QsEJIFWvf5NjDtFsuUBAnwo62ae4/exumA8PC2wDtX1
fvoBvkdAYBLVi2/wBynhXrMyQqtx0uWuDbjFfCGPMFdVn2qK4xTEyUKWPlL2oO9Q
M50JbL2hRTrvG8zCpuc33tH7iDtHup+ShPWj8qWrq9KDTTEGTEzLtQjySBXu4wpD
j91Qxf7QWg7j/emoWpuDRG3i12IHkBc1VCZa6uB0I249xt1EhAKZ9hyjXSfQXRee
WzEg5/Ix7x85npdtStkNxeadEA/2nUDvf86ieC8/BqHGF+XxKa6jE2eLobLaHZbP
QAsqyiV3Y1oR+ACxarlbilhUZArWPHc98VNzUD/ndlzPxz6fhFgheRSx9yTQT0/M
zSEMcSc79Es4rasnhx3BXV/WEx7VLeIR5M7dVYYBz8vkoh/3YE5ZsII+Tni2Riv1
+iCBunYvr0sxZ8iVPFn/TWO8l01OfBM5qEPSvObEvMojm8Y1FSMffObb5mlG4euN
gAGnK6j3kgqZqUkDws5XzVTq9SARXUhBekazYi1cU2NXfrT/0swFgcxUk1R5WfSx
LTuD6OPacuqxH1IgYECx+O68uz4hm5R+UeeCGi0KOU//nt5FRJzjFKMKMMnCvMKS
fTX1zxrXCyneZCR5DCUWyAo9WzRSo+I67Xp+SlMwpqnaV7c7R6M=
=ZT4K
-----END PGP SIGNATURE-----

Attachment: pgpcwSfxTWksc.pgp
Description: PGP signature

Reply via email to