[Git][security-tracker-team/security-tracker][master] Track fixed version for apache2 issues fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 5 13:55:51 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3bcf6567 by Salvatore Bonaccorso at 2026-05-05T14:55:41+02:00
Track fixed version for apache2 issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -301,32 +301,32 @@ CVE-2026-35228 (Vulnerability in the Oracle MCP Server Helper Tool product of Or
CVE-2026-34882
REJECTED
CVE-2026-34059 (Buffer Over-read vulnerability in Apache HTTP Server. This issue affe ...)
- - apache2 <unfixed> (bug #1135737)
+ - apache2 2.4.67-1 (bug #1135737)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/17
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34059
NOTE: https://github.com/apache/httpd/commit/a3d32288317a87b1398825f2167e0ae083ed43da (2.4.67-rc1-candidate)
CVE-2026-34032 (Improper Null Termination, Out-of-bounds Read vulnerability in Apache ...)
- - apache2 <unfixed> (bug #1135737)
+ - apache2 2.4.67-1 (bug #1135737)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/16
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-34032
NOTE: https://github.com/apache/httpd/commit/b8def8fe323f7f67d0e03bb83c67d66bd8d7fcb2 (2.4.67-rc1-candidate)
CVE-2026-33857 (Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Ser ...)
- - apache2 <unfixed> (bug #1135737)
+ - apache2 2.4.67-1 (bug #1135737)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/15
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33857
NOTE: https://github.com/apache/httpd/commit/493eb23e5cc18c3a7be53977c182ff5d1360c64c (2.4.67-rc1-candidate)
CVE-2026-33523 (HTTP response splitting vulnerability in multiple Apache HTTP Server m ...)
- - apache2 <unfixed> (bug #1135737)
+ - apache2 2.4.67-1 (bug #1135737)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/23
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33523
NOTE: https://github.com/apache/httpd/commit/0218d4b9c1c0706df4bd7a3e3b15f71d4b66126a (2.4.67-rc1-candidate)
CVE-2026-33007 (A NULL pointer dereference in the mod_authn_socache in Apache HTTP Ser ...)
- - apache2 <unfixed> (bug #1135737)
+ - apache2 2.4.67-1 (bug #1135737)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/22
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33007
NOTE: https://github.com/apache/httpd/commit/d80685a9e0241d99e94aa2fc0aa491d90c4ae9e8 (2.4.67-rc1-candidate)
CVE-2026-33006 (A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 a ...)
- - apache2 <unfixed> (bug #1135737)
+ - apache2 2.4.67-1 (bug #1135737)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/21
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33006
NOTE: https://github.com/apache/httpd/commit/4833b58c484c4eb8b429887b472bf4967cf88320 (2.4.67-rc1-candidate)
@@ -345,7 +345,7 @@ CVE-2026-2729 (The Forminator plugin for WordPress is vulnerable to authorizatio
CVE-2026-29514 (NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vu ...)
TODO: check
CVE-2026-29169 (A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.6 ...)
- - apache2 <unfixed> (bug #1135737)
+ - apache2 2.4.67-1 (bug #1135737)
NOTE: http://www.openwall.com/lists/oss-security/2026/05/04/20
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29169
NOTE: https://github.com/apache/httpd/commit/225dc070adba11040b774cf641e1d8bc79941643 (2.4.67-rc1-candidate)
@@ -370,12 +370,12 @@ CVE-2026-24118 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3
CVE-2026-24082 (Memory Corruption when copying data from a freed source while executin ...)
NOT-FOR-US: Qualcomm
CVE-2026-24072 (An escalation of privilege bug in various modules in Apache HTTP 2.4.6 ...)
- - apache2 <unfixed> (bug #1135737)
+ - apache2 2.4.67-1 (bug #1135737)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/18
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-24072
NOTE: https://github.com/apache/httpd/commit/05e6c5086d6792b9105f88e1664b2614087f79d5 (2.4.67-rc1-candidate)
CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP Server with ...)
- - apache2 <unfixed> (bug #1135737)
+ - apache2 2.4.67-1 (bug #1135737)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/19
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-23918
NOTE: https://github.com/apache/httpd/commit/e41e84e08e6186460e77a8357b5d5c571d33bd76 (2.4.67-rc1-candidate)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bcf656780bea55e777e3598527d31abe2d79f3a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bcf656780bea55e777e3598527d31abe2d79f3a
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/926022e3/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list