Source: apache2
Version: 2.4.23-8
Severity: important
Tags: security upstream patch
Hi
CVE-2016-8740 was announced for apache, CVE-2016-8740, Server memory
can be exhausted and service denied when HTTP/2 is used.
Post to oss-security at:
http://www.openwall.com/lists/oss-security/2016/12/05/14
Source: apache2
Version: 2.4.10-10
Severity: important
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for apache2.
CVE-2017-9788[0]:
| In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value
| placeholder in [Proxy-]Authorization headers of type 'Di
Source: apache2
Version: 2.4.10-10
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for apache2.
CVE-2017-9798[0]:
HTTP OPTIONS method can leak Apache's server memory
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabi
Control: severity -1 serious
Rationale: Raising the severity to RC / serious, due to fix being
available in stable but not yet in unstable.
Regards,
Salvatore
Source: apache2
Version: 2.4.18-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for apache2.
CVE-2018-1333[0]:
| By specially crafting HTTP/2 requests, workers would be allocated 60
| seconds longer than necessary, leading to worker exhaustion and a
|
Source: apache2
Version: 2.4.33-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for apache2.
CVE-2018-8011[0]:
| By specially crafting HTTP requests, the mod_md challenge handler
| would dereference a NULL pointer and cause the child process to
| segfa
Source: apache2
Version: 2.4.25-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for apache2.
CVE-2018-11763[0]:
mod_http2, DoS via continuous SETTINGS frames
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities
Source: apache2
Version: 2.4.37-1
Severity: grave
Tags: patch security upstream
Hi (Stefan),
I agree the severity is not the best chosen one for this issue, it is
more to ensure we could release buster with an appropriate fix already
before the release. If you disagree, please do downgrade.
The
Control: tags -1 + fixed-upstream
Control: tags -1 - patch
Hi Xavier,
On Wed, Jan 23, 2019 at 09:18:36AM +0100, Xavier wrote:
> Hello,
>
> Debian bug is tagged as "patch", but I didn't find any patch in the
> related documents. Can you give me the link to patch ?
Well you are right, not a patch
Source: apache2
Version: 2.4.37-1
Severity: important
Tags: security upstream fixed-upstream
Control: found -1 2.4.25-3+deb9u6
Control: found -1 2.4.25-3
Hi,
The following vulnerability was published for apache2.
CVE-2018-17189[0]:
mod_http2, DoS via slow, unneeded request bodies
If you fix the
Source: apache2
Version: 2.4.37-1
Severity: important
Tags: security upstream fixed-upstream
Control: found -1 2.4.25-3+deb9u6
Control: found -1 2.4.25-3
Hi,
The following vulnerability was published for apache2.
CVE-2018-17199[0]:
mod_session_cookie does not respect expiry time
If you fix the
Hi Xavier,
On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote:
> Le 23/01/2019 à 20:57, Salvatore Bonaccorso a écrit :
> > Control: tags -1 + fixed-upstream
> > Control: tags -1 - patch
> >
> > Hi Xavier,
> >
> > On Wed, Jan 23, 2019 at 09:
Hi Xavier,
On Wed, Jan 23, 2019 at 09:54:29PM +0100, Xavier wrote:
> Le 23/01/2019 à 21:50, Salvatore Bonaccorso a écrit :
> > Hi Xavier,
> >
> > On Wed, Jan 23, 2019 at 09:46:44PM +0100, Xavier wrote:
> >> Le 23/01/2019 à 20:57, Salvatore Bonaccorso a écrit :
Source: apache2
Version: 2.4.25-3+deb9u6
Severity: normal
Tags: upstream
Forwarded: https://bz.apache.org/bugzilla/show_bug.cgi?id=61817
Control: found -1 2.4.25-3
Hi
When using a setup using for mod_authnz_ldap the AuthLDAPBindPassword
directive specifically with the exec: variant as documented
Source: apache2
Version: 2.4.47-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for apache2.
CVE-2021-31618[0]:
| httpd: NULL pointer dereference on specially crafted
Source: apr
Version: 1.7.0-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for apr.
CVE-2021-35940[0]:
| An out-of-bounds array read in the apr_time_exp*() functions was fixed
| in the Apache Porta
Control: tags -1 + patch
On Mon, Aug 23, 2021 at 03:44:05PM +0200, Salvatore Bonaccorso wrote:
> Source: apr
> Version: 1.7.0-6
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following v
Source: apache2
Version: 2.4.55-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerabilities were published for apache2.
CVE-2023-25690[0]:
| Some mod_proxy configurations on Apache HTTP Server versions 2.4.0
| through 2.4.55
Hi,
On Fri, Mar 24, 2023 at 05:17:34PM +0100, Fabien LE BERRE wrote:
> Yes it does look like the bug. The Backtrace looks a lot like the coredump
> I've seen.
> Thanks for the heads up. Looking forward for the patch to be applied
> officially.
Would you be able to have additionally test the patch
Source: apache2
Source-Version: 2.4.59-1
----- Forwarded message from Debian FTP Masters -----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Apr 2024 08:08:11 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.59-1
Distribution: unst
Source: apr
Version: 1.7.2-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for apr.
CVE-2023-49582[0]:
| Lax permissions set by the Apache Portable Runtime library on Unix
| platforms would allow l
Hi,
On Tue, Sep 10, 2024 at 06:59:51AM +, Markus Wollny wrote:
> Package: apache2
> Version: 2.4.62-1~deb12u1
> Severity: important
> X-Debbugs-Cc: markus.wol...@computec.de, t...@security.debian.org
>
> Dear Maintainer,
>
> After upgrading apache2 packages, we noticed that our SEO rewriting
Hi,
On Tue, Sep 10, 2024 at 05:07:29PM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Tue, Sep 10, 2024 at 06:59:51AM +, Markus Wollny wrote:
> > Package: apache2
> > Version: 2.4.62-1~deb12u1
> > Severity: important
> > X-Debbugs-Cc: markus.wol...@comp
-1.7.2/debian/changelog 2024-10-31 21:08:12.0 +0100
@@ -1,3 +1,11 @@
+apr (1.7.2-3+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * Use 0600 perms for named shared mem consistently (CVE-2023-49582)
+(Closes: #1080375)
+
+ -- Salvatore Bonaccorso Thu, 31 Oct 2024 21:08
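Review bot: the changelog bullet for CVE-2023-49582 ("Use 0600 perms for named shared mem consistently") does not say which patch file or upstream revision carries the change. Adding that reference to the bullet would let anyone reviewing the bookworm upload trace the 0600 permission fix back to its source.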
Hi,
On Tue, Sep 10, 2024 at 03:35:26PM +, Bastien Roucariès wrote:
> control: retitle -1 Regression: Reverse proxy via mod_rewrite broken after
> 2.4.62
>
> Le mardi 10 septembre 2024, 15:18:48 UTC Salvatore Bonaccorso a écrit :
> > Hi,
> >
> > On Tue, Se
25 matches