[Git][security-tracker-team/security-tracker][master] Reserve DSA number for apache2 update

Wed May 6 15:47:03 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e3d5080 by Salvatore Bonaccorso at 2026-05-06T16:46:16+02:00
Reserve DSA number for apache2 update

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1891,6 +1891,7 @@ CVE-2026-24072 (An escalation of privilege bug in various modules in Apache HTTP
 CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP Server with  ...)
 	- apache2 2.4.66-5 (bug #1135737)
 	[trixie] - apache2 2.4.66-1~deb13u2
+	[bookworm] - apache2 2.4.67-1~deb12u2
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/19
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-23918
 	NOTE: https://github.com/apache/httpd/commit/e41e84e08e6186460e77a8357b5d5c571d33bd76 (2.4.67-rc1-candidate)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[06 May 2026] DSA-6248-1 apache2 - security update
+	{CVE-2026-24072 CVE-2026-28780 CVE-2026-29168 CVE-2026-29169 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059}
+	[bookworm] - apache2 2.4.67-1~deb12u2
+	[trixie] - apache2 2.4.67-1~deb13u2
 [04 May 2026] DSA-6247-1 lxd - security update
 	{CVE-2026-40197 CVE-2026-40251 CVE-2026-41648 CVE-2026-41684 CVE-2026-41685}
 	[bookworm] - lxd 5.0.2-5+deb12u6


=====================================
data/dsa-needed.txt
=====================================
@@ -15,8 +15,6 @@ If needed, specify the release by adding a slash after the name of the source pa
 amd64-microcode (carnil)
   Coordinating with maintainer DSA/bookworm-pu and sync with mitgations in src:linux
 --
-apache2 (carnil)
---
 botan3/stable
 --
 ceph



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e3d5080e7963a432cf996302a5c5b2061aa758a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e3d5080e7963a432cf996302a5c5b2061aa758a
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260506/f0b824f0/attachment.htm>
