[Git][security-tracker-team/security-tracker][master] Remove listing of CVE-2025-54090 in DLA

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 12 18:36:05 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
111cbba5 by Salvatore Bonaccorso at 2025-08-12T19:35:03+02:00
Remove listing of CVE-2025-54090 in DLA

As there was not 2.4.64 upload (and neither a specific backport) the
vulnerable code was never in a bullseye released version. Retain the
status and drop the listing of the CVE in the DLA.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4760,6 +4760,7 @@ CVE-2010-10012 (A path traversal vulnerability exists in httpdasm version 0.92,
 CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr .. ...)
 	- apache2 2.4.65-1
 	[bookworm] - apache2 <not-affected> (Vulnerable code introduced in 2.4.64)
+	[bullseye] - apache2 <not-affected> (Vulnerable code introduced in 2.4.64)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
 	NOTE: Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b (2.4.65)
 	NOTE: Introduced by: https://github.com/apache/httpd/commit/8efe8ea18c6f7123c5779bb4d9551ccf407dc0c4 (2.4.64)


=====================================
data/DLA/list
=====================================
@@ -1,5 +1,5 @@
 [12 Aug 2025] DLA-4270-1 apache2 - security update
-	{CVE-2024-42516 CVE-2024-43204 CVE-2024-43394 CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020 CVE-2025-54090}
+	{CVE-2024-42516 CVE-2024-43204 CVE-2024-43394 CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020}
 	[bullseye] - apache2 2.4.65-1~deb11u1
 [11 Aug 2025] DLA-4269-1 ca-certificates-java - bugfix update
 	[bullseye] - ca-certificates-java 20230710~deb12u1~deb11u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/111cbba5dc0a7cf6f0d4ccaa79b89badec566f62

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/111cbba5dc0a7cf6f0d4ccaa79b89badec566f62
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250812/26fcf061/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list