Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
870957de by Salvatore Bonaccorso at 2026-06-11T21:01:13+02:00
Unify notes for apache2 entries

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2351,8 +2351,8 @@ CVE-2026-48913 (Use After Free vulnerability in Apache 
HTTP Server module mod_ht
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-48913
-       NOTE: fixed by jumbo patch: 
https://github.com/apache/httpd/commit/dbf1cc4dd62b681a0066271720994a047a3329ca 
(2.4.68-rc1-candidate)
-       NOTE: fixed by: 
https://github.com/icing/mod_h2/commit/e6a28242f23084f6dbae32090121148e99fdda78
+       NOTE: Fixed by jumbo patch: 
https://github.com/apache/httpd/commit/dbf1cc4dd62b681a0066271720994a047a3329ca 
(2.4.68-rc1-candidate)
+       NOTE: Fixed by: 
https://github.com/icing/mod_h2/commit/e6a28242f23084f6dbae32090121148e99fdda78 
(v2.0.42)
        NOTE: Bug https://github.com/icing/mod_h2/issues/325
 CVE-2026-48507 (Snipe-IT is an IT asset/license management system. A 
vulnerability in  ...)
        - snipe-it <itp> (bug #1005172)
@@ -2397,13 +2397,13 @@ CVE-2026-44631 (Buffer Underwrite vulnerability in 
Apache HTTP Server on crafted
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44631
-       NOTE: 
https://github.com/apache/httpd/commit/7d9f3cfb10b0fe70df7358d26d7b1f374ea1a0cb 
(2.4.68-rc1-candidate)
+       NOTE: Fixed by: 
https://github.com/apache/httpd/commit/7d9f3cfb10b0fe70df7358d26d7b1f374ea1a0cb 
(2.4.68-rc1-candidate)
 CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
        - apache2 <unfixed> (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44186
-       NOTE: Fixed by 
https://github.com/apache/httpd/commit/414de374a06549b2c6710cbcff81c3821379f75c 
(2.4.68-rc1-candidate)
+       NOTE: Fixed by: 
https://github.com/apache/httpd/commit/414de374a06549b2c6710cbcff81c3821379f75c 
(2.4.68-rc1-candidate)
 CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via 
outbound OCSP ...)
        - apache2 <unfixed> (bug #1139340)
        [trixie] - apache2 <no-dsa> (Minor issue)
@@ -2448,8 +2448,8 @@ CVE-2026-42535 (A path handling issue in mod_dav_fs in 
Apache 2.4.67 and earlier
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42535
-       NOTE: Fixed by: 
https://github.com/apache/httpd/commit/56bfb128432a38e2e6bc5448122914bb271b1252 
(2.4.68-rc1-candidate)
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/7e871beec56d41fe098f48f5a5bcb1525c448d77 
(trunk)
+       NOTE: Fixed by: 
https://github.com/apache/httpd/commit/56bfb128432a38e2e6bc5448122914bb271b1252 
(2.4.68-rc1-candidate)
 CVE-2026-41724 (VMware Cloud Foundation Operations contains multiple stored 
cross-site ...)
        NOT-FOR-US: VMware
 CVE-2026-41723 (VMware Cloud Foundation Operations contains multiple stored 
cross-site ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/870957de78de3dafd15986032de3efdf92451fd7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/870957de78de3dafd15986032de3efdf92451fd7
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to