Your message dated Sun, 05 May 2024 19:17:41 +0000
with message-id <e1s3hmj-004c4s...@fasolo.debian.org>
and subject line Bug#1068412: fixed in apache2 2.4.59-1~deb11u1
has caused the Debian Bug report #1068412,
regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4
CVE-2024-24795[1]:
https://www.openwall.com/lists/oss-security/2024/04/04/5
CVE-2023-38709[2]:
https://www.openwall.com/lists/oss-security/2024/04/04/3
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-27316
[1] https://security-tracker.debian.org/tracker/CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2024-24795
[2] https://security-tracker.debian.org/tracker/CVE-2023-38709
https://www.cve.org/CVERecord?id=CVE-2023-38709
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.59-1~deb11u1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated apache2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Apr 2024 16:08:04 +0400
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.59-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Yadd <y...@debian.org>
Description:
apache2 - Apache HTTP Server
apache2-bin - Apache HTTP Server (modules and other binary files)
apache2-data - Apache HTTP Server (common files)
apache2-dev - Apache HTTP Server (development headers)
apache2-doc - Apache HTTP Server (on-site documentation)
apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
apache2-utils - Apache HTTP Server (utility programs for web servers)
libapache2-mod-md - transitional package
libapache2-mod-proxy-uwsgi - transitional package
Closes: 1068412
Changes:
apache2 (2.4.59-1~deb11u1) bullseye-security; urgency=medium
.
* New upstream version 2.4.58
(Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
* Drop 2.4.56-regression patches
* New upstream version 2.4.59
(Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
* Install NOTICE files
* Update test framework
* Refresh patches
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---