Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
870957de by Salvatore Bonaccorso at 2026-06-11T21:01:13+02:00
Unify notes for apache2 entries
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2351,8 +2351,8 @@ CVE-2026-48913 (Use After Free vulnerability in Apache
HTTP Server module mod_ht
[trixie] - apache2 <no-dsa> (Minor issue)
[bookworm] - apache2 <no-dsa> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-48913
- NOTE: fixed by jumbo patch:
https://github.com/apache/httpd/commit/dbf1cc4dd62b681a0066271720994a047a3329ca
(2.4.68-rc1-candidate)
- NOTE: fixed by:
https://github.com/icing/mod_h2/commit/e6a28242f23084f6dbae32090121148e99fdda78
+ NOTE: Fixed by jumbo patch:
https://github.com/apache/httpd/commit/dbf1cc4dd62b681a0066271720994a047a3329ca
(2.4.68-rc1-candidate)
+ NOTE: Fixed by:
https://github.com/icing/mod_h2/commit/e6a28242f23084f6dbae32090121148e99fdda78
(v2.0.42)
NOTE: Bug https://github.com/icing/mod_h2/issues/325
CVE-2026-48507 (Snipe-IT is an IT asset/license management system. A
vulnerability in ...)
- snipe-it <itp> (bug #1005172)
@@ -2397,13 +2397,13 @@ CVE-2026-44631 (Buffer Underwrite vulnerability in
Apache HTTP Server on crafted
[trixie] - apache2 <no-dsa> (Minor issue)
[bookworm] - apache2 <no-dsa> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44631
- NOTE:
https://github.com/apache/httpd/commit/7d9f3cfb10b0fe70df7358d26d7b1f374ea1a0cb
(2.4.68-rc1-candidate)
+ NOTE: Fixed by:
https://github.com/apache/httpd/commit/7d9f3cfb10b0fe70df7358d26d7b1f374ea1a0cb
(2.4.68-rc1-candidate)
CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability i ...)
- apache2 <unfixed> (bug #1139340)
[trixie] - apache2 <no-dsa> (Minor issue)
[bookworm] - apache2 <no-dsa> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44186
- NOTE: Fixed by
https://github.com/apache/httpd/commit/414de374a06549b2c6710cbcff81c3821379f75c
(2.4.68-rc1-candidate)
+ NOTE: Fixed by:
https://github.com/apache/httpd/commit/414de374a06549b2c6710cbcff81c3821379f75c
(2.4.68-rc1-candidate)
CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via
outbound OCSP ...)
- apache2 <unfixed> (bug #1139340)
[trixie] - apache2 <no-dsa> (Minor issue)
@@ -2448,8 +2448,8 @@ CVE-2026-42535 (A path handling issue in mod_dav_fs in
Apache 2.4.67 and earlier
[trixie] - apache2 <no-dsa> (Minor issue)
[bookworm] - apache2 <no-dsa> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42535
- NOTE: Fixed by:
https://github.com/apache/httpd/commit/56bfb128432a38e2e6bc5448122914bb271b1252
(2.4.68-rc1-candidate)
NOTE: Fixed by:
https://github.com/apache/httpd/commit/7e871beec56d41fe098f48f5a5bcb1525c448d77
(trunk)
+ NOTE: Fixed by:
https://github.com/apache/httpd/commit/56bfb128432a38e2e6bc5448122914bb271b1252
(2.4.68-rc1-candidate)
CVE-2026-41724 (VMware Cloud Foundation Operations contains multiple stored
cross-site ...)
NOT-FOR-US: VMware
CVE-2026-41723 (VMware Cloud Foundation Operations contains multiple stored
cross-site ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/870957de78de3dafd15986032de3efdf92451fd7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/870957de78de3dafd15986032de3efdf92451fd7
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits