[Git][security-tracker-team/security-tracker][master] Reserve DLA-4270-1 for apache2

Bastien Roucariès (@rouca) rouca at debian.org
Tue Aug 12 17:17:47 BST 2025 


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f394fc4 by Bastien Roucariès at 2025-08-12T18:17:32+02:00
Reserve DLA-4270-1 for apache2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4757,7 +4757,6 @@ CVE-2010-10012 (A path traversal vulnerability exists in httpdasm version 0.92,
 CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr .. ...)
 	- apache2 2.4.65-1
 	[bookworm] - apache2 <not-affected> (Vulnerable code introduced in 2.4.64)
-	[bullseye] - apache2 <not-affected> (Vulnerable code introduced in 2.4.64)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b (2.4.65)
 	NOTE: Introduced by: https://github.com/apache/httpd/commit/8efe8ea18c6f7123c5779bb4d9551ccf407dc0c4 (2.4.64)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Aug 2025] DLA-4270-1 apache2 - security update
+	{CVE-2024-42516 CVE-2024-43204 CVE-2024-43394 CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020 CVE-2025-54090}
+	[bullseye] - apache2 2.4.65-1~deb11u1
 [11 Aug 2025] DLA-4269-1 ca-certificates-java - bugfix update
 	[bullseye] - ca-certificates-java 20230710~deb12u1~deb11u1
 [11 Aug 2025] DLA-4268-1 node-tmp - security update


=====================================
data/dla-needed.txt
=====================================
@@ -42,11 +42,6 @@ ansible
   NOTE: 20241123: Made a partial release. only CVE-2024-11079 needed but more upstream backport work needed (rouca)
   NOTE: 20250422: Testing/bisecting will take more time, please keep it assigned to me (lee)
 --
-apache2 (rouca)
-  NOTE: 20250712: Added by Front-Desk (apo)
-  NOTE: 20250714: Try to find fixes on github repo (rouca)
-  NOTE: 20250729: AWX load balancer broken by security fixes. Will wait a little bit (rouca)
---
 busybox
   NOTE: 20250425: Added by Front-Desk (rouca)
   NOTE: 20250519: Asked maintainers about any pending work and offered help.  (spwhitton)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f394fc44c04fc18af9802095c137ff801c9d2da

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f394fc44c04fc18af9802095c137ff801c9d2da
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250812/47354833/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list