[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for apache2 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 5 12:55:10 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7800e210 by Salvatore Bonaccorso at 2026-05-05T13:53:24+02:00
Add Debian bug reference for apache2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -287,32 +287,32 @@ CVE-2026-35228 (Vulnerability in the Oracle MCP Server Helper Tool product of Or
 CVE-2026-34882
 	REJECTED
 CVE-2026-34059 (Buffer Over-read vulnerability in Apache HTTP Server.  This issue affe ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1135737)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/17
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34059
 	NOTE: https://github.com/apache/httpd/commit/a3d32288317a87b1398825f2167e0ae083ed43da (2.4.67-rc1-candidate)
 CVE-2026-34032 (Improper Null Termination, Out-of-bounds Read vulnerability in Apache  ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1135737)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/16
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34032
 	NOTE: https://github.com/apache/httpd/commit/b8def8fe323f7f67d0e03bb83c67d66bd8d7fcb2 (2.4.67-rc1-candidate)
 CVE-2026-33857 (Out-of-bounds Read vulnerability in mod_proxy_ajp of   Apache HTTP Ser ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1135737)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/15
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33857
 	NOTE: https://github.com/apache/httpd/commit/493eb23e5cc18c3a7be53977c182ff5d1360c64c (2.4.67-rc1-candidate)
 CVE-2026-33523 (HTTP response splitting vulnerability in multiple Apache HTTP Server m ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1135737)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/23
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33523
 	NOTE: https://github.com/apache/httpd/commit/0218d4b9c1c0706df4bd7a3e3b15f71d4b66126a (2.4.67-rc1-candidate)
 CVE-2026-33007 (A NULL pointer dereference in the mod_authn_socache in Apache HTTP Ser ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1135737)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/22
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33007
 	NOTE: https://github.com/apache/httpd/commit/d80685a9e0241d99e94aa2fc0aa491d90c4ae9e8 (2.4.67-rc1-candidate)
 CVE-2026-33006 (A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 a ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1135737)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/21
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33006
 	NOTE: https://github.com/apache/httpd/commit/4833b58c484c4eb8b429887b472bf4967cf88320 (2.4.67-rc1-candidate)
@@ -331,7 +331,7 @@ CVE-2026-2729 (The Forminator plugin for WordPress is vulnerable to authorizatio
 CVE-2026-29514 (NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vu ...)
 	TODO: check
 CVE-2026-29169 (A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.6 ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1135737)
 	NOTE: http://www.openwall.com/lists/oss-security/2026/05/04/20
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29169
 	NOTE: https://github.com/apache/httpd/commit/225dc070adba11040b774cf641e1d8bc79941643 (2.4.67-rc1-candidate)
@@ -356,12 +356,12 @@ CVE-2026-24118 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3
 CVE-2026-24082 (Memory Corruption when copying data from a freed source while executin ...)
 	NOT-FOR-US: Qualcomm
 CVE-2026-24072 (An escalation of privilege bug in various modules in Apache HTTP 2.4.6 ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1135737)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/18
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-24072
 	NOTE: https://github.com/apache/httpd/commit/05e6c5086d6792b9105f88e1664b2614087f79d5 (2.4.67-rc1-candidate)
 CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP Server with  ...)
-	- apache2 <unfixed>
+	- apache2 <unfixed> (bug #1135737)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/19
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-23918
 	NOTE: https://github.com/apache/httpd/commit/e41e84e08e6186460e77a8357b5d5c571d33bd76 (2.4.67-rc1-candidate)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7800e210ca35a3e220f5bd4d7fc0d1538b7c0863

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7800e210ca35a3e220f5bd4d7fc0d1538b7c0863
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/99f28fe0/attachment.htm>

More information about the debian-security-tracker-commits mailing list