[Git][security-tracker-team/security-tracker][master] Reserve DLA-3921-1 for apache2

Thu, 17 Oct 2024 08:40:26 -0700 


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5b1fd304 by Bastien Roucariès at 2024-10-16T21:49:03+00:00
Reserve DLA-3921-1 for apache2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -24822,7 +24822,6 @@ CVE-2024-40725 (A partial fix for CVE-2024-39884 in the 
core of Apache HTTP Serv
 CVE-2024-39884 (A regression in the core of Apache HTTP Server 2.4.60 ignores 
some use ...)
        - apache2 2.4.61-1
        [bookworm] - apache2 <not-affected> (Vulnerable code not present)
-       [bullseye] - apache2 <not-affected> (Vulnerable code not present)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-39884
        NOTE: Fixed by [1/4] 
https://github.com/apache/httpd/commit/cf3402e182f7a32eb9085a82347769cb2efe491e 
(trunk)
        NOTE: Fixed by [2/4] 
https://github.com/apache/httpd/commit/aa4b05ee0536fdbd62b02eaab91f31ae3a305129 
(trunk)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Oct 2024] DLA-3921-1 apache2 - security update
+       {CVE-2024-38474 CVE-2024-39884}
+       [bullseye] - apache2 2.4.62-1~deb11u2
 [14 Oct 2024] DLA-3920-1 php7.4 - security update
        {CVE-2022-4900 CVE-2024-5458 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026}
        [bullseye] - php7.4 7.4.33-1+deb11u6


=====================================
data/dla-needed.txt
=====================================
@@ -33,10 +33,6 @@ activemq (santiago)
 ansible
   NOTE: 20240915: Added by Front-Desk (ta)
 --
-apache2 (rouca)
-  NOTE: 20241013: Added by coordinator (santiago)
-  NOTE: 20241013: Requested by rouca to follow regression fixes from 
2.4.62-1~deb12u2
---
 asterisk (Thorsten Alteholz)
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: CVE-2024-42365 is privilege escalation. (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1fd30466f5ae6d357fd9d298e72f572c2a3932

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b1fd30466f5ae6d357fd9d298e72f572c2a3932
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to