[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-42536/apache2

Bastien Roucariès (@rouca) rouca at debian.org
Wed Jun 10 21:24:20 BST 2026 


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9e1f895 by Bastien Roucariès at 2026-06-10T22:21:27+02:00
CVE-2026-42536/apache2

- - - - -
a33e4a68 by Bastien Roucariès at 2026-06-10T22:21:30+02:00
CVE-2026-43951/apache2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2352,6 +2352,7 @@ CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP
 CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with mod_header ...)
 	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-43951
+	NOTE: Fixed by: https://github.com/apache/httpd/commit/6ff9dc2fdbe7ffd2f8a6c9ffe9ec801d53c760ba (2.4.68-rc1-candidate)
 CVE-2026-42863 (Flowise is a drag & drop user interface to build a customized large la ...)
 	NOT-FOR-US: Flowise
 CVE-2026-42862 (Flowise is a drag & drop user interface to build a customized large la ...)
@@ -2361,6 +2362,8 @@ CVE-2026-42861 (Flowise is a drag & drop user interface to build a customized la
 CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server withmod ...)
 	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42536
+	NOTE: Fixed by: https://github.com/apache/httpd/commit/fa5d85bbc832a587c3c5bca7c19fb21df96b5df0 (trunk)
+	NOTE: Fixed by: https://github.com/apache/httpd/commit/cb1f79c0ce66393c48657b19df754f16b79af543 (2.4.68-rc1-candidate)
 CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and earlierallows ...)
 	- apache2 <unfixed> (bug #1139340)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42535



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fce1e89a6bfe5c8e761cb15a7466617275f46b0e...a33e4a6822ec9866a572f247b1f08b1e800f68e3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fce1e89a6bfe5c8e761cb15a7466617275f46b0e...a33e4a6822ec9866a572f247b1f08b1e800f68e3
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260610/74957ae6/attachment.htm>

More information about the debian-security-tracker-commits mailing list