[Git][security-tracker-team/security-tracker][master] Expand apache2 upstream reference with direct linking to entry
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 5 12:41:51 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c847fe51 by Salvatore Bonaccorso at 2026-05-05T13:41:04+02:00
Expand apache2 upstream reference with direct linking to entry
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -289,32 +289,32 @@ CVE-2026-34882
CVE-2026-34059 (Buffer Over-read vulnerability in Apache HTTP Server. This issue affe ...)
- apache2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/17
- NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34059
NOTE: https://github.com/apache/httpd/commit/a3d32288317a87b1398825f2167e0ae083ed43da (2.4.67-rc1-candidate)
CVE-2026-34032 (Improper Null Termination, Out-of-bounds Read vulnerability in Apache ...)
- apache2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/16
- NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34032
NOTE: https://github.com/apache/httpd/commit/b8def8fe323f7f67d0e03bb83c67d66bd8d7fcb2 (2.4.67-rc1-candidate)
CVE-2026-33857 (Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Ser ...)
- apache2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/15
- NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33857
NOTE: https://github.com/apache/httpd/commit/493eb23e5cc18c3a7be53977c182ff5d1360c64c (2.4.67-rc1-candidate)
CVE-2026-33523 (HTTP response splitting vulnerability in multiple Apache HTTP Server m ...)
- apache2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/23
- NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33523
NOTE: https://github.com/apache/httpd/commit/0218d4b9c1c0706df4bd7a3e3b15f71d4b66126a (2.4.67-rc1-candidate)
CVE-2026-33007 (A NULL pointer dereference in the mod_authn_socache in Apache HTTP Ser ...)
- apache2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/22
- NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33007
NOTE: https://github.com/apache/httpd/commit/d80685a9e0241d99e94aa2fc0aa491d90c4ae9e8 (2.4.67-rc1-candidate)
CVE-2026-33006 (A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 a ...)
- apache2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/21
- NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33006
NOTE: https://github.com/apache/httpd/commit/4833b58c484c4eb8b429887b472bf4967cf88320 (2.4.67-rc1-candidate)
CVE-2026-32834 (Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earl ...)
NOT-FOR-US: WordPress plugin
@@ -333,7 +333,7 @@ CVE-2026-29514 (NetBox versions 4.3.5 through 4.5.4 contain a remote code execut
CVE-2026-29169 (A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.6 ...)
- apache2 <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2026/05/04/20
- NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29169
NOTE: https://github.com/apache/httpd/commit/225dc070adba11040b774cf641e1d8bc79941643 (2.4.67-rc1-candidate)
CVE-2026-29004 (BusyBox before commit 42202bf contains a heap buffer overflow vulnerab ...)
TODO: check
@@ -358,12 +358,12 @@ CVE-2026-24082 (Memory Corruption when copying data from a freed source while ex
CVE-2026-24072 (An escalation of privilege bug in various modules in Apache HTTP 2.4.6 ...)
- apache2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/18
- NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-24072
NOTE: https://github.com/apache/httpd/commit/05e6c5086d6792b9105f88e1664b2614087f79d5 (2.4.67-rc1-candidate)
CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP Server with ...)
- apache2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/19
- NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-23918
NOTE: https://github.com/apache/httpd/commit/e41e84e08e6186460e77a8357b5d5c571d33bd76 (2.4.67-rc1-candidate)
CVE-2026-1921 (The Loco Translate plugin for WordPress is vulnerable to Path Traversa ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c847fe511087c2ddb66b63dc8a18dfd72a2c1c9f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c847fe511087c2ddb66b63dc8a18dfd72a2c1c9f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/9be4568b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list