On Sat, 2026-06-13 at 14:34 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Fri, 2026-06-12 at 09:34 +0200, Xavier Guimard wrote:
> > Apache2 is vulnerable to various medium CVEs (CVE-2026-29167,
> > CVE-2026-29170,
> > CVE-2026-34355, CVE-2026-34356, CVE-2026-42535, CVE-2026-42536,
> > CVE-2026-43951, CVE-2026-44119, CVE-2026-44185, CVE-2026-44186,
> > CVE-2026-44631, CVE-2026-48913).
> [...]
> > I put here just the debian/ diff. The whole diff is big
>
> That's not a reason not to include it. (Compressing often works, as
> does sending it separately after filing the bug, to ensure that the
> initial message reaches debian-release.)
>
> Please go ahead.

I'm assuming you uploaded the trixie and bookworm versions close
together, and included the orig tarball with both. The bookworm upload
is stuck in the upload queue, because the tarball got removed when the
trixie upload was processed:

Jun 13 21:35:32 processing /apache2_2.4.68-1~deb12u1_sourceonly.changes
Jun 13 21:35:33 apache2_2.4.68.orig.tar.gz doesn't exist (ignored for now)
Jun 13 21:35:33 apache2_2.4.68.orig.tar.gz.asc doesn't exist (ignored for now)

You should just be able to re-upload the tarball and signature;
otherwise dcut and re-upload the whole package.

Regards,

Adam

