Your message dated Thu, 01 Jan 2026 11:32:05 +0000
with message-id <[email protected]>
and subject line Bug#1121926: fixed in apache2 2.4.66-1~deb13u1
has caused the Debian Bug report #1121926,
regarding apache2: CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1121926: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: apache2
Version: 2.4.65-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for apache2.

CVE-2025-55753[0]:
| mod_md (ACME), unintended retry intervals

CVE-2025-58098[1]:
| Server Side Includes adds query string to #exec cmd=...

CVE-2025-65082[2]:
| CGI environment variable override

CVE-2025-66200[3]:
| mod_userdir+suexec bypass via AllowOverride FileInfo

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-55753
    https://www.cve.org/CVERecord?id=CVE-2025-55753
[1] https://security-tracker.debian.org/tracker/CVE-2025-58098
    https://www.cve.org/CVERecord?id=CVE-2025-58098
[2] https://security-tracker.debian.org/tracker/CVE-2025-65082
    https://www.cve.org/CVERecord?id=CVE-2025-65082
[3] https://security-tracker.debian.org/tracker/CVE-2025-66200
    https://www.cve.org/CVERecord?id=CVE-2025-66200

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.66-1~deb13u1
Done: Yadd <[email protected]>

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Dec 2025 19:52:34 +0100
Source: apache2
Architecture: source
Version: 2.4.66-1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Apache Maintainers <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 1121926
Changes:
 apache2 (2.4.66-1~deb13u1) trixie; urgency=medium
 .
   * Team upload
   * New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098,
     CVE-2025-59775, CVE-2025-65082, CVE-2025-66200)
   * Update test framework

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
