[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-54090/apache2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 29 08:22:07 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eac41e08 by Salvatore Bonaccorso at 2025-07-29T09:21:21+02:00
Update status for CVE-2025-54090/apache2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1582,6 +1582,8 @@ CVE-2010-10012 (A path traversal vulnerability exists in httpdasm version 0.92,
NOT-FOR-US: httpdasm
CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr .. ...)
- apache2 2.4.65-1
+ [bookworm] - apache2 <not-affected> (Vulnerable code introduced in 2.4.64)
+ [bullseye] - apache2 <not-affected> (Vulnerable code introduced in 2.4.64)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
NOTE: Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
CVE-2025-8035 (Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eac41e083e449eeeb352b5dc5d58d284bf202623
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eac41e083e449eeeb352b5dc5d58d284bf202623
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250729/c9bd04e6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list