[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-42536/apache2

Wed, 10 Jun 2026 13:24:31 -0700 


Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f9e1f895 by Bastien Roucariès at 2026-06-10T22:21:27+02:00
CVE-2026-42536/apache2

- - - - -
a33e4a68 by Bastien Roucariès at 2026-06-10T22:21:30+02:00
CVE-2026-43951/apache2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2352,6 +2352,7 @@ CVE-2026-43966 (Improper Neutralization of CRLF Sequences 
in HTTP Headers ('HTTP
 CVE-2026-43951 (Out-of-bounds Read vulnerability in Apache HTTP Server with 
mod_header ...)
        - apache2 <unfixed> (bug #1139340)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-43951
+       NOTE: Fixed by: 
https://github.com/apache/httpd/commit/6ff9dc2fdbe7ffd2f8a6c9ffe9ec801d53c760ba 
(2.4.68-rc1-candidate)
 CVE-2026-42863 (Flowise is a drag & drop user interface to build a customized 
large la ...)
        NOT-FOR-US: Flowise
 CVE-2026-42862 (Flowise is a drag & drop user interface to build a customized 
large la ...)
@@ -2361,6 +2362,8 @@ CVE-2026-42861 (Flowise is a drag & drop user interface 
to build a customized la
 CVE-2026-42536 (Heap-based Buffer Overflow vulnerability in Apache HTTP Server 
withmod ...)
        - apache2 <unfixed> (bug #1139340)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42536
+       NOTE: Fixed by: 
https://github.com/apache/httpd/commit/fa5d85bbc832a587c3c5bca7c19fb21df96b5df0 
(trunk)
+       NOTE: Fixed by: 
https://github.com/apache/httpd/commit/cb1f79c0ce66393c48657b19df754f16b79af543 
(2.4.68-rc1-candidate)
 CVE-2026-42535 (A path handling issue in mod_dav_fs in Apache 2.4.67 and 
earlierallows ...)
        - apache2 <unfixed> (bug #1139340)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-42535



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fce1e89a6bfe5c8e761cb15a7466617275f46b0e...a33e4a6822ec9866a572f247b1f08b1e800f68e3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fce1e89a6bfe5c8e761cb15a7466617275f46b0e...a33e4a6822ec9866a572f247b1f08b1e800f68e3
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to