[Git][security-tracker-team/security-tracker][master] Remove listing of CVE-2025-54090 in DLA

Tue, 12 Aug 2025 10:36:21 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
111cbba5 by Salvatore Bonaccorso at 2025-08-12T19:35:03+02:00
Remove listing of CVE-2025-54090 in DLA

As there was not 2.4.64 upload (and neither a specific backport) the
vulnerable code was never in a bullseye released version. Retain the
status and drop the listing of the CVE in the DLA.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4760,6 +4760,7 @@ CVE-2010-10012 (A path traversal vulnerability exists in 
httpdasm version 0.92,
 CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond 
expr .. ...)
        - apache2 2.4.65-1
        [bookworm] - apache2 <not-affected> (Vulnerable code introduced in 
2.4.64)
+       [bullseye] - apache2 <not-affected> (Vulnerable code introduced in 
2.4.64)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b 
(2.4.65)
        NOTE: Introduced by: 
https://github.com/apache/httpd/commit/8efe8ea18c6f7123c5779bb4d9551ccf407dc0c4 
(2.4.64)


=====================================
data/DLA/list
=====================================
@@ -1,5 +1,5 @@
 [12 Aug 2025] DLA-4270-1 apache2 - security update
-       {CVE-2024-42516 CVE-2024-43204 CVE-2024-43394 CVE-2024-47252 
CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020 CVE-2025-54090}
+       {CVE-2024-42516 CVE-2024-43204 CVE-2024-43394 CVE-2024-47252 
CVE-2025-23048 CVE-2025-49630 CVE-2025-49812 CVE-2025-53020}
        [bullseye] - apache2 2.4.65-1~deb11u1
 [11 Aug 2025] DLA-4269-1 ca-certificates-java - bugfix update
        [bullseye] - ca-certificates-java 20230710~deb12u1~deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/111cbba5dc0a7cf6f0d4ccaa79b89badec566f62

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/111cbba5dc0a7cf6f0d4ccaa79b89badec566f62
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to