apache2_2.4.54-1_sourceonly.changes ACCEPTED into unstable

Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 09 Jun 2022 06:33:53 +0200 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.54-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd

Bug#1010455: marked as done (Should apache2.README.Debian refer to apache-htcacheclean ?)

Your message dated Thu, 09 Jun 2022 05:03:55 + with message-id and subject line Bug#1010455: fixed in apache2 2.4.54-1 has caused the Debian Bug report #1010455, regarding Should apache2.README.Debian refer to apache-htcacheclean ? to be marked as done. This means that you claim that the

Bug#1012513: marked as done (apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556)

Your message dated Thu, 09 Jun 2022 05:03:55 + with message-id and subject line Bug#1012513: fixed in apache2 2.4.54-1 has caused the Debian Bug report #1012513, regarding apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 to be

Processing of apache2_2.4.54-1_sourceonly.changes

apache2_2.4.54-1_sourceonly.changes uploaded successfully to localhost along with the files: apache2_2.4.54-1.dsc apache2_2.4.54.orig.tar.gz apache2_2.4.54.orig.tar.gz.asc apache2_2.4.54-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org)

Processed: tagging 1012513, found 1012513 in 2.4.53-2

Processing commands for cont...@bugs.debian.org: > tags 1012513 + upstream Bug #1012513 [src:apache2] apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 Added tag(s) upstream. > found 1012513 2.4.53-2 Bug #1012513 [src:apache2]

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

On Wed, Jun 08, 2022 at 07:51:28PM +0200, Yadd wrote: > Hi, > > those CVEs are tagged low/moderate by upstream, why did you tag this bug as > grave ? Anything moderate or above should get fixed by the next Debian release IOW RC severity. Cheers, Moritz

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

Hi, those CVEs are tagged low/moderate by upstream, why did you tag this bug as grave ? Cheers, Yadd Le Mercredi, Juin 08, 2022 17:49 CEST, Moritz Mühlenhoff a écrit: > Source: apache2 > X-Debbugs-CC: t...@security.debian.org > Severity: grave > Tags: security > > Hi, > > The following

Bug#790943: Root and local certificate location clash

You made a very good investigation on the topic. I agree that a public cert shouldn't be placed into the same folder as CA certs. There is some mention of a weird bug https://serverfault.com/a/840191/442430 Instead I think that both private key and cert should be merged into a one file and placed

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2022-31813[0]: | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* | headers to the origin server based on client side

Project of System

Hello, Are you affected by limited local resources or service capability disrupted by war? You want to work with an experienced company from the European Union? Dynamic software company, since 2011 on the market, with over 100 software engineers opens for new work. We usually work with EMEA