[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for apache2 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 8 21:48:21 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5e55da8 by Salvatore Bonaccorso at 2026-06-08T22:48:09+02:00
Add Debian bug reference for apache2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-49233 (Routinator does not properly check the module component of rsync
 CVE-2026-49232 (Routinator exits on any error when accepting incoming HTTP or RTR conn ...)
 	- routinator <itp> (bug #929024)
 CVE-2026-48913 (Use After Free vulnerability in Apache HTTP Server module mod_http2 wh ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-48913
 CVE-2026-48507 (Snipe-IT is an IT asset/license management system. A vulnerability in  ...)
 	- snipe-it <itp> (bug #1005172)
@@ -72,16 +72,16 @@ CVE-2026-46440 (Flowise is a drag & drop user interface to build a customized la
 CVE-2026-45581 (fabric-chaincode-java is a Java based implementation of Hyperledger Fa ...)
 	NOT-FOR-US: fabric-chaincode-java
 CVE-2026-44631 (Buffer Underwrite vulnerability in Apache HTTP Server on crafted regul ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44631
 CVE-2026-44186 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44186
 CVE-2026-44185 (Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44185
 CVE-2026-44119 (Improper Privilege Management vulnerability in Apache HTTP Server 2.4. ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-44119
 CVE-2026-43974 (Unexpected Status Code or Return Value vulnerability in ninenines gun  ...)
 	TODO: check
@@ -92,7 +92,7 @@ CVE-2026-43972 (Origin Validation Error vulnerability in ninenines gun (gun_http
 CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Reque ...)
 	TODO: check
 CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with mod_header ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-43951
 CVE-2026-42863 (Flowise is a drag & drop user interface to build a customized large la ...)
 	NOT-FOR-US: Flowise
@@ -101,10 +101,10 @@ CVE-2026-42862 (Flowise is a drag & drop user interface to build a customized la
 CVE-2026-42861 (Flowise is a drag & drop user interface to build a customized large la ...)
 	NOT-FOR-US: Flowise
 CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server withmod ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42536
 CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and earlierallows ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42535
 CVE-2026-41724 (VMware Cloud Foundation Operations contains multiple stored cross-site ...)
 	NOT-FOR-US: VMware
@@ -125,18 +125,18 @@ CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was
 CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered ...)
 	NOT-FOR-US: Tenda
 CVE-2026-34356 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server with ma ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34356
 CVE-2026-34355 (A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and e ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34355
 CVE-2026-34194 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2026-29170 (A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML di ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29170
 CVE-2026-29167 (Use After Free vulnerability in Apache HTTP Server with mod_ldap in pe ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29167
 CVE-2026-25856 (OpenBullet2 through version 0.3.2 contains an authenticated remote cod ...)
 	TODO: check



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5e55da83c05f9fc0b16869fa5d4357080762af6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5e55da83c05f9fc0b16869fa5d4357080762af6
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260608/d885dd73/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list