[Git][security-tracker-team/security-tracker][master] Add commit references for apache2 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 9 20:36:35 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
63711a4d by Salvatore Bonaccorso at 2025-12-09T21:36:01+01:00
Add commit references for apache2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3320,12 +3320,14 @@ CVE-2025-66200 (mod_userdir+suexec bypass via AllowOverride FileInfo vulnerabili
 	[bookworm] - apache2 <no-dsa> (Minor issue)
 	[bullseye] - apache2 <postponed> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200
+	NOTE: https://github.com/apache/httpd/commit/9d26b95787b229a3f6195d7beead774d131eeda1
 CVE-2025-65082 (Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...)
 	- apache2 2.4.66-1 (bug #1121926)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
 	[bullseye] - apache2 <postponed> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082
+	NOTE: https://github.com/apache/httpd/commit/e4f00c5eb71d8a7aa1f52b5279832986f669d463
 CVE-2025-59775 (Server-Side Request Forgery (SSRF) vulnerability   in Apache HTTP Serv ...)
 	- apache2 <not-affected> (Only affects Apache on Windows)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-59775
@@ -3335,12 +3337,14 @@ CVE-2025-58098 (Apache HTTP Server 2.4.65 and earlier with Server Side Includes
 	[bookworm] - apache2 <no-dsa> (Minor issue)
 	[bullseye] - apache2 <postponed> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-58098
+	NOTE: https://github.com/apache/httpd/commit/ecc1b8f3817e3dcab9c1f24f905752d3c0a279af
 CVE-2025-55753 (An integer overflow in the case of failed ACME certificate renewal lea ...)
 	- apache2 2.4.66-1 (bug #1121926)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
 	[bullseye] - apache2 <postponed> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-55753
+	NOTE: https://github.com/apache/httpd/commit/ab9dd8e2cfe7d62efe5ff8925fbef1de756a2fc2
 CVE-2025-40215 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.16.3-1
 	NOTE: https://git.kernel.org/linus/b441cf3f8c4b8576639d20c8eb4aa32917602ecd (6.16)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63711a4d7b4b0357b7dcf01671c934609cc1de04

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63711a4d7b4b0357b7dcf01671c934609cc1de04
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251209/a1239045/attachment.htm>

More information about the debian-security-tracker-commits mailing list