[Git][security-tracker-team/security-tracker][master] Reserve DLA-3921-1 for apache2
Bastien Roucariès (@rouca)
rouca at debian.org
Thu Oct 17 16:40:14 BST 2024
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b1fd304 by Bastien Roucariès at 2024-10-16T21:49:03+00:00
Reserve DLA-3921-1 for apache2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -24822,7 +24822,6 @@ CVE-2024-40725 (A partial fix for CVE-2024-39884 in the core of Apache HTTP Serv
CVE-2024-39884 (A regression in the core of Apache HTTP Server 2.4.60 ignores some use ...)
- apache2 2.4.61-1
[bookworm] - apache2 <not-affected> (Vulnerable code not present)
- [bullseye] - apache2 <not-affected> (Vulnerable code not present)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39884
NOTE: Fixed by [1/4] https://github.com/apache/httpd/commit/cf3402e182f7a32eb9085a82347769cb2efe491e (trunk)
NOTE: Fixed by [2/4] https://github.com/apache/httpd/commit/aa4b05ee0536fdbd62b02eaab91f31ae3a305129 (trunk)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Oct 2024] DLA-3921-1 apache2 - security update
+ {CVE-2024-38474 CVE-2024-39884}
+ [bullseye] - apache2 2.4.62-1~deb11u2
[14 Oct 2024] DLA-3920-1 php7.4 - security update
{CVE-2022-4900 CVE-2024-5458 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026}
[bullseye] - php7.4 7.4.33-1+deb11u6
=====================================
data/dla-needed.txt
=====================================
@@ -33,10 +33,6 @@ activemq (santiago)
ansible
NOTE: 20240915: Added by Front-Desk (ta)
--
-apache2 (rouca)
- NOTE: 20241013: Added by coordinator (santiago)
- NOTE: 20241013: Requested by rouca to follow regression fixes from 2.4.62-1~deb12u2
---
asterisk (Thorsten Alteholz)
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: CVE-2024-42365 is privilege escalation. (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1fd30466f5ae6d357fd9d298e72f572c2a3932
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1fd30466f5ae6d357fd9d298e72f572c2a3932
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241017/fb1fab62/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list