Source: apache2
Source-Version: 2.4.59-1
----- Forwarded message from Debian FTP Masters -----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Apr 2024 08:08:11 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.59-1
Distribution:
Hi,
On Fri, Mar 24, 2023 at 05:17:34PM +0100, Fabien LE BERRE wrote:
> Yes it does look like the bug. The Backtrace looks a lot like the coredump
> I've seen.
> Thanks for the heads up. Looking forward to the patch being applied
> officially.
Would you be able to have additionally test the
Source: apache2
Version: 2.4.55-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for apache2.
CVE-2023-25690[0]:
| Some mod_proxy configurations on Apache HTTP Server versions 2.4.0
| through 2.4.55
Control: tags -1 + patch
On Mon, Aug 23, 2021 at 03:44:05PM +0200, Salvatore Bonaccorso wrote:
> Source: apr
> Version: 1.7.0-6
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> The followi
Source: apr
Version: 1.7.0-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for apr.
CVE-2021-35940[0]:
| An out-of-bounds array read in the apr_time_exp*() functions was fixed
| in the Apache
Source: apache2
Version: 2.4.47-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for apache2.
CVE-2021-31618[0]:
| httpd: NULL pointer dereference on specially crafted
Source: apache2
Version: 2.4.25-3+deb9u6
Severity: normal
Tags: upstream
Forwarded: https://bz.apache.org/bugzilla/show_bug.cgi?id=61817
Control: found -1 2.4.25-3
Hi
When using a setup using for mod_authnz_ldap the AuthLDAPBindPassword
directive specifically with the exec: variant as documented
Hi Xavier,
On Wed, Jan 23, 2019 at 09:54:29PM +0100, Xavier wrote:
> On 23/01/2019 at 21:50, Salvatore Bonaccorso wrote:
> > Hi Xavier,
> >
> > On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote:
> >> On 23/01/2019 at 20:57, Salvatore Bonaccorso wrote:
Hi Xavier,
On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote:
> On 23/01/2019 at 20:57, Salvatore Bonaccorso wrote:
> > Control: tags -1 + fixed-upstream
> > Control: tags -1 - patch
> >
> > Hi Xavier,
> >
> > On Wed, Jan 23, 2019 at 09:
Source: apache2
Version: 2.4.37-1
Severity: important
Tags: security upstream fixed-upstream
Control: found -1 2.4.25-3+deb9u6
Control: found -1 2.4.25-3
Hi,
The following vulnerability was published for apache2.
CVE-2018-17199[0]:
mod_session_cookie does not respect expiry time
If you fix the
Source: apache2
Version: 2.4.37-1
Severity: important
Tags: security upstream fixed-upstream
Control: found -1 2.4.25-3+deb9u6
Control: found -1 2.4.25-3
Hi,
The following vulnerability was published for apache2.
CVE-2018-17189[0]:
mod_http2, DoS via slow, unneeded request bodies
If you fix
Control: tags -1 + fixed-upstream
Control: tags -1 - patch
Hi Xavier,
On Wed, Jan 23, 2019 at 09:18:36AM +0100, Xavier wrote:
> Hello,
>
> Debian bug is tagged as "patch", but I didn't find any patch in the
> related documents. Can you give me the link to patch ?
Well you are right, not a
Source: apache2
Version: 2.4.37-1
Severity: grave
Tags: patch security upstream
Hi (Stefan),
I agree the severity is not the best chosen one for this issue, it is
more to ensure we could release buster with an appropriate fix already
before the release. If you disagree, please do downgrade.
Source: apache2
Version: 2.4.25-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for apache2.
CVE-2018-11763[0]:
mod_http2, DoS via continuous SETTINGS frames
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: apache2
Version: 2.4.33-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for apache2.
CVE-2018-8011[0]:
| By specially crafting HTTP requests, the mod_md challenge handler
| would dereference a NULL pointer and cause the child process to
|
Source: apache2
Version: 2.4.18-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for apache2.
CVE-2018-1333[0]:
| By specially crafting HTTP/2 requests, workers would be allocated 60
| seconds longer than necessary, leading to worker exhaustion and a
|
Control: severity -1 serious
Rationale: Raising the severity to RC / serious, due to fix being
available in stable but not yet in unstable.
Regards,
Salvatore
Source: apache2
Version: 2.4.10-10
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for apache2.
CVE-2017-9798[0]:
HTTP OPTIONS method can leak Apache's server memory
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: apache2
Version: 2.4.10-10
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for apache2.
CVE-2017-9788[0]:
| In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value
| placeholder in [Proxy-]Authorization headers of type
Source: apache2
Version: 2.4.23-8
Severity: important
Tags: security upstream patch
Hi
CVE-2016-8740 was announced for apache, CVE-2016-8740, Server memory
can be exhausted and service denied when HTTP/2 is used.
Post to oss-security at:
http://www.openwall.com/lists/oss-security/2016/12/05/14