[Git][security-tracker-team/security-tracker][master] CVE-2025-23048/apache2

Mon, 11 Aug 2025 12:30:53 -0700 


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6defdb75 by Bastien Roucariès at 2025-08-11T21:30:02+02:00
CVE-2025-23048/apache2

Document regression for load balancer

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4517,7 +4517,6 @@ CVE-2010-10012 (A path traversal vulnerability exists in 
httpdasm version 0.92,
 CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond 
expr .. ...)
        - apache2 2.4.65-1
        [bookworm] - apache2 <not-affected> (Vulnerable code introduced in 
2.4.64)
-       [bullseye] - apache2 <not-affected> (Vulnerable code introduced in 
2.4.64)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b 
(2.4.65)
        NOTE: Introduced by: 
https://github.com/apache/httpd/commit/8efe8ea18c6f7123c5779bb4d9551ccf407dc0c4 
(2.4.64)
@@ -7756,6 +7755,8 @@ CVE-2025-23048 (In some mod_ssl configurations on Apache 
HTTP Server 2.4.35 thro
        [bookworm] - apache2 <no-dsa> (Will be updated via point release)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-23048
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/c4cfa50c9068e8b8134c530ab21674e77d1278a2
+       NOTE: possible regression for misconfigured load balancer
+       NOTE: NEWS: 
https://salsa.debian.org/apache-team/apache2/-/blob/0874e522244079e8436b576ac7ae0527f2ce97f1/debian/apache2.NEWS
 CVE-2024-7650 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: OpenText
 CVE-2024-47252 (Insufficient escaping of user-supplied data in mod_ssl in 
Apache HTTP  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6defdb756c35eecd475d66b597289040d7fe5cda

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6defdb756c35eecd475d66b597289040d7fe5cda
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to