[Git][security-tracker-team/security-tracker][master] Reserve DLA-3921-1 for apache2

Bastien Roucariès (@rouca) rouca at debian.org
Thu Oct 17 16:40:14 BST 2024



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b1fd304 by Bastien Roucariès at 2024-10-16T21:49:03+00:00
Reserve DLA-3921-1 for apache2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -24822,7 +24822,6 @@ CVE-2024-40725 (A partial fix for CVE-2024-39884 in the core of Apache HTTP Serv
 CVE-2024-39884 (A regression in the core of Apache HTTP Server 2.4.60 ignores some use ...)
 	- apache2 2.4.61-1
 	[bookworm] - apache2 <not-affected> (Vulnerable code not present)
-	[bullseye] - apache2 <not-affected> (Vulnerable code not present)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39884
 	NOTE: Fixed by [1/4] https://github.com/apache/httpd/commit/cf3402e182f7a32eb9085a82347769cb2efe491e (trunk)
 	NOTE: Fixed by [2/4] https://github.com/apache/httpd/commit/aa4b05ee0536fdbd62b02eaab91f31ae3a305129 (trunk)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Oct 2024] DLA-3921-1 apache2 - security update
+	{CVE-2024-38474 CVE-2024-39884}
+	[bullseye] - apache2 2.4.62-1~deb11u2
 [14 Oct 2024] DLA-3920-1 php7.4 - security update
 	{CVE-2022-4900 CVE-2024-5458 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026}
 	[bullseye] - php7.4 7.4.33-1+deb11u6


=====================================
data/dla-needed.txt
=====================================
@@ -33,10 +33,6 @@ activemq (santiago)
 ansible
   NOTE: 20240915: Added by Front-Desk (ta)
 --
-apache2 (rouca)
-  NOTE: 20241013: Added by coordinator (santiago)
-  NOTE: 20241013: Requested by rouca to follow regression fixes from 2.4.62-1~deb12u2
---
 asterisk (Thorsten Alteholz)
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: CVE-2024-42365 is privilege escalation. (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1fd30466f5ae6d357fd9d298e72f572c2a3932

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1fd30466f5ae6d357fd9d298e72f572c2a3932
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241017/fb1fab62/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list