Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f7488aec by Salvatore Bonaccorso at 2025-07-11T10:25:37+02:00
Track fixed version for apache2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -207,7 +207,7 @@ CVE-2025-53371 (DiscordNotifications is an extension for
MediaWiki that sends no
CVE-2025-53364 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2025-53020 (Late Release of Memory after Effective Lifetime vulnerability
in Apach ...)
- - apache2 <unfixed>
+ - apache2 2.4.64-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-53020
CVE-2025-52837 (Trend Micro Password Manager (Consumer) version 5.8.0.1327 and
below i ...)
NOT-FOR-US: Trend Micro
@@ -232,10 +232,10 @@ CVE-2025-52434 (Concurrent Execution using Shared
Resource with Improper Synchro
CVE-2025-4972 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- gitlab <not-affected> (Specific to EE)
CVE-2025-49812 (In some mod_ssl configurations on Apache HTTP Server versions
through ...)
- - apache2 <unfixed>
+ - apache2 2.4.64-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-49812
CVE-2025-49630 (In certain proxy configurations, a denial of service attack
againstApa ...)
- - apache2 <unfixed>
+ - apache2 2.4.64-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-49630
CVE-2025-49464 (Classic buffer overflow in certain Zoom Clients for Windows
may allow ...)
NOT-FOR-US: Zoom
@@ -290,21 +290,21 @@ CVE-2025-28243 (An issue in Alteryx Server v.2023.1.1.460
allows HTML injection
CVE-2025-27889 (Wing FTP Server before 7.4.4 does not properly validate and
sanitize t ...)
NOT-FOR-US: Wing FTP Server
CVE-2025-23048 (In some mod_ssl configurations on Apache HTTP Server 2.4.35
through to ...)
- - apache2 <unfixed>
+ - apache2 2.4.64-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-23048
CVE-2024-7650 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: OpenText
CVE-2024-47252 (Insufficient escaping of user-supplied data in mod_ssl in
Apache HTTP ...)
- - apache2 <unfixed>
+ - apache2 2.4.64-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-47252
CVE-2024-43394 (Server-Side Request Forgery (SSRF)in Apache HTTP Server on
Windows all ...)
- apache2 <not-affected> (Windows specific)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-43394
CVE-2024-43204 (SSRF in Apache HTTP Server with mod_proxy loaded allows an
attacker to ...)
- - apache2 <unfixed>
+ - apache2 2.4.64-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-43204
CVE-2024-42516 (HTTP response splitting in the core of Apache HTTP Server
allows an at ...)
- - apache2 <unfixed>
+ - apache2 2.4.64-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-42516
NOTE: CVE exists, because original patch for CVE-2023-38709 did not
address the issue.
CVE-2024-39752 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be
vulnerable t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7488aec9f0a17b3b52659dde3fa9813b9f3ebdf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7488aec9f0a17b3b52659dde3fa9813b9f3ebdf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
