Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
Your message dated Sun, 05 May 2024 19:17:41 + with message-id and subject line Bug#1068412: fixed in apache2 2.4.59-1~deb11u1 has caused the Debian Bug report #1068412, regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2024-27316[0]: https://www.kb.cert.org/vuls/id/421644 https://www.openwall.com/lists/oss-security/2024/04/04/4 CVE-2024-24795[1]: https://www.openwall.com/lists/oss-security/2024/04/04/5 CVE-2023-38709[2]: https://www.openwall.com/lists/oss-security/2024/04/04/3 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-27316 [1] https://security-tracker.debian.org/tracker/CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2024-24795 [2] https://security-tracker.debian.org/tracker/CVE-2023-38709 https://www.cve.org/CVERecord?id=CVE-2023-38709 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.59-1~deb11u1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1068...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 16:08:04 +0400 Source: apache2 Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: source amd64 all Version: 2.4.59-1~deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Description: apache2- Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Closes: 1068412 Changes: apache2 (2.4.59-1~deb11u1) bullseye-security; urgency=medium . * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802) * Drop 2.4.56-regression patches * New upstream version 2.4.59 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709) * Install NOTICE files * Update test framework * Refresh patches Checksums-Sha1: b0c553ee2f9076ab255d36f6f77a4155e8f5180d 3539 apache2_2.4.59-1~deb11u1.dsc 7a118baaed0f2131e482f93f5057038ca6c021be 9843252 apache2_2.4.59.orig.tar.gz 837cdf46898d962c4c05642745566249fc91e52b 833 apache2_2.4.59.orig.tar.gz.asc 8d3d9c0ec949faa3683bc395b0955584347323a6 895172 apache2_2.4.59-1~deb11u1.debian.tar.xz 651b4de4722fb3cf7331e0df7147738b7015bf89 3308712 apache2-bin-dbgsym_2.4.59-1~deb11u1_amd64.deb 46176b8ad83ca0e991d575f498d67871b2c2e1d6 1447660 apache2-bin_2.4.59-1~deb11u1_amd64.deb 2cd7eef5039ed029710efc9edb1c8b8d3822381b 160212 apache2-data_2.4.59-1~deb11u1_all.deb 7ae879f3f9fd07d0b0faff14e40af9d955e11a3d 374820 apache2-dev_2.4.59-1~deb11u1_amd64.deb
Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
Your message dated Sun, 05 May 2024 18:47:10 + with message-id and subject line Bug#1068412: fixed in apache2 2.4.59-1~deb12u1 has caused the Debian Bug report #1068412, regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2024-27316[0]: https://www.kb.cert.org/vuls/id/421644 https://www.openwall.com/lists/oss-security/2024/04/04/4 CVE-2024-24795[1]: https://www.openwall.com/lists/oss-security/2024/04/04/5 CVE-2023-38709[2]: https://www.openwall.com/lists/oss-security/2024/04/04/3 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-27316 [1] https://security-tracker.debian.org/tracker/CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2024-24795 [2] https://security-tracker.debian.org/tracker/CVE-2023-38709 https://www.cve.org/CVERecord?id=CVE-2023-38709 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.59-1~deb12u1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1068...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 16:02:26 +0400 Source: apache2 Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: source amd64 all Version: 2.4.59-1~deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Description: apache2- Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Closes: 1068412 Changes: apache2 (2.4.59-1~deb12u1) bookworm-security; urgency=medium . * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802) * New upstream version 2.4.59 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709) * Refresh patches * Update test framework Checksums-Sha1: 0ff1bbe49e7266429e3ea5f8df651776b961902e 3520 apache2_2.4.59-1~deb12u1.dsc 7a118baaed0f2131e482f93f5057038ca6c021be 9843252 apache2_2.4.59.orig.tar.gz 837cdf46898d962c4c05642745566249fc91e52b 833 apache2_2.4.59.orig.tar.gz.asc 59cd2b140a3e313345acb675f4792a63ecad7403 820804 apache2_2.4.59-1~deb12u1.debian.tar.xz d854f4e07f350cf3b067caf1ed78edbde3c76031 3734744 apache2-bin-dbgsym_2.4.59-1~deb12u1_amd64.deb f6a264c3f91353e88233eaec66f997d86be150ad 1379912 apache2-bin_2.4.59-1~deb12u1_amd64.deb 16d3d3d8aa25fea0c7755efc8b9685e70cc70b21 160264 apache2-data_2.4.59-1~deb12u1_all.deb 5b643339c2a9ec14872873e41772a91f73031c3d 312108 apache2-dev_2.4.59-1~deb12u1_amd64.deb 4ec40752b1f22964802957e6a59187ec7dce83ea 4022328
Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
Your message dated Fri, 5 Apr 2024 21:00:46 +0200 with message-id and subject line [ftpmas...@ftp-master.debian.org: Accepted apache2 2.4.59-1 (source) into unstable] has caused the Debian Bug report #1068412, regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2024-27316[0]: https://www.kb.cert.org/vuls/id/421644 https://www.openwall.com/lists/oss-security/2024/04/04/4 CVE-2024-24795[1]: https://www.openwall.com/lists/oss-security/2024/04/04/5 CVE-2023-38709[2]: https://www.openwall.com/lists/oss-security/2024/04/04/3 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-27316 [1] https://security-tracker.debian.org/tracker/CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2024-24795 [2] https://security-tracker.debian.org/tracker/CVE-2023-38709 https://www.cve.org/CVERecord?id=CVE-2023-38709 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.59-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 08:08:11 +0400 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.59-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1032628 1054564 Changes: apache2 (2.4.59-1) unstable; urgency=medium . [ Stefan Fritsch ] * Remove old transitional packages libapache2-mod-md and libapache2-mod-proxy-uwsgi. Closes: #1032628 . [ Yadd ] * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564) * Refresh patches * New upstream version 2.4.59 * Refresh patches * Update patches * Update test framework Checksums-Sha1: f1cf18103ca23c57beaa2985bbbe4eee1e8dff87 3334 apache2_2.4.59-1.dsc 7a118baaed0f2131e482f93f5057038ca6c021be 9843252 apache2_2.4.59.orig.tar.gz 837cdf46898d962c4c05642745566249fc91e52b 833 apache2_2.4.59.orig.tar.gz.asc 3e1cad5ee1fc66d350465c1e81d7e0f88221bc01 820300 apache2_2.4.59-1.debian.tar.xz Checksums-Sha256: 25e6990e65cb685f3172143648806ab0fd263a18cd412155f0d14d7ef9987428 3334 apache2_2.4.59-1.dsc e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f 9843252 apache2_2.4.59.orig.tar.gz 0ad3f670b944ebf08c81544bc82fae9496e88d96840cd0612d8cdeaa073eb06d 833 apache2_2.4.59.orig.tar.gz.asc 1e869a5024215a2a9b69603daf1395840774640f7b2701ca4b7971452a0641d1 820300 apache2_2.4.59-1.debian.tar.xz Files: 3f3ee286b583f22ec5cb3efc1f0a5016 3334 httpd optional apache2_2.4.59-1.dsc c39d28e0777bc95631cb49958fdb6601 9843252 httpd optional apache2_2.4.59.orig.tar.gz 3c342b3dcc0fe227a1fffdf9997987d0 833 httpd optional apache2_2.4.59.orig.tar.gz.asc 4da024370ede9c5a75a0df725be0cdc5 820300 httpd optional apache2_2.4.59-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmYPec8ACgkQ9tdMp8mZ 7umCiw//TB1rIA1czwHsUrdeOIT3HG9qERzBJsmsP8nyg+cIrytiGfhlt2eOmLYO X+Wo19J98VuCmTbJClb6opAfSpvJG2AmNUl/PYAqOBzvDgR+QlEMmVXVgxUp9+Tv 0e0P2H+8U0pO3dE51VIXqYtCLTLQnLaci763ewB0oRlSWuzoVNDDahUS3iJ5e58o btwUQQwq+2F+RBclRhuXca3dOI93UBZDsv56mxR+p2o0vpo+pQRZjHDv8tzT3bOq /PyWusXKPDf9MXYZqwY2TgYx8v/YdDVYqzgr6Tj/VXgXEKC22pudzSv9/J5iGfHh VHmf02Gh+0wNWmxajqK2KlxjMON/Qn6kyoAok9w5vv4HtOXBZimzdq0kDsc8EjJl QuaBcwIAy+0EATBhjaVY7sHtM9SydJNr1f4DBBD9kEB2DKEE9n7/iFxcFfSMd52Y xwJ4fPk1fe1ki7k/qn0VULpzf1iM3JDQE19uXyE29cSW4eJhiWvH1v+NZzzxNo+t NtDhSIEEnUkGZSsYyg2qg5NH3e3PJMadc1nTRY6hVNzGpJlsUrCKnMOZbJsBQM6S cNCY48ux8ziQmJNowvBVbXf6/+SH9h2+CYFRw9GZagaNe1yfErNglbn78KZqJUHw YcXIFc96qeznRJ9zRhPdHGGeqa+nETH1lWBp6eitihkKhDjCF48= =dQDE -END PGP SIGNATURE- - End forwarded message End Message ---
