On 4/5/24 15:58, Moritz Muehlenhoff wrote:
On Fri, Apr 05, 2024 at 08:16:43AM +0400, Yadd wrote:
On 4/4/24 22:51, Moritz Mühlenhoff wrote:
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for apache2.
CVE
contain important CVE fixes, only minor/medium.
So it will be updated during a Debian point release and not in security
branch.
Cheers,
Yadd
saw in this issue that you were a little frustrated by the lack of
responsiveness in apache2 maintenance. But apache2 is "RFH" and I'm not
C expert neither apache user so I try to do my best until someone more
qualified takes over.
Best regards,
Yadd
against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Drop apache2-doc.postinst
[ Other ]
Fixed in testing/Bookworm in version 2.4.54-3.
Cheers,
Yadd
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index ..c048ae45
--- /dev/null
+++ b
On 3/8/23 22:39, Moritz Muehlenhoff wrote:
On Wed, Mar 08, 2023 at 07:09:20AM +0400, Yadd wrote:
On 3/7/23 23:46, Salvatore Bonaccorso wrote:
Source: apache2
Version: 2.4.55-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following
Le Mardi, Novembre 08, 2022 16:01 CET, Shai Berger a écrit:
> Package: apache2
> Followup-For: Bug #967010
>
> Dear Maintainer,
>
> I just installed Apache2 and did not encounter the problem
> as reported in this bug.
>
> It is an old bug, and for some reason full of spam.
>
> Please close and/or
On 29/06/2022 16:51, MK wrote:
Package: apache2
Version: 2.4.53-1~deb11u1
Severity: minor
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
Enabling cgid in apache2 (with a2enmod cgid) results in an error when using
mpm_event:
Hi,
those CVEs are tagged low/moderate by upstream, why did you tag this bug as
grave ?
Cheers,
Yadd
Le Mercredi, Juin 08, 2022 17:49 CEST, Moritz Mühlenhoff a
écrit:
> Source: apache2
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
1 - problem is in openldap only (fixed dependency between 2 openldap packages)
2 - this will be automatically fixed when package will be published:
libldap-2.4 will be updated in the same time than libldap2-dev
Cheers,
Yadd
> I don't know who must be warn so i warn on
> debian-apache@
On 28/12/2021 19:40, Yadd wrote:
On 28/12/2021 08:25, Sebastiaan Couwenberg wrote:
On Sun, 21 Nov 2021 17:17:32 + Matthew Vernon wrote:
On 19/11/2021 21:46, Yadd wrote:
> Sadly pcre2 does not provide /usr/bin/pcre-config, I'm unable to do
this
> change
Well, there is pcre2-
On 28/12/2021 08:25, Sebastiaan Couwenberg wrote:
On Sun, 21 Nov 2021 17:17:32 + Matthew Vernon wrote:
On 19/11/2021 21:46, Yadd wrote:
> Sadly pcre2 does not provide /usr/bin/pcre-config, I'm unable to do
this
> change
Well, there is pcre2-config, but that's a little beside the
h.
> Holger
Hi,
Apache2 in Bullseye follows upstream changes, so no need to produce a
patch. See https://security-tracker.debian.org/tracker/CVE-2021-40438
Cheers,
Yadd
Le 26/11/2021 à 03:03, westlake a écrit :
> Package: apache2
> Version: 2.4.48-3.1+deb11u1
> Severity: important
>
> apache2 can fail to start if the user defines a specific interface.
>
> the workaround meanwhile is to add "network-online.target" to the
> systemd unit.
>
> The issue noticeably
Control: tags -1 + moreinfo
Le 18/11/2021 à 12:49, Matthew Vernon a écrit :
> Source: apache2
> Severity: important
> User: matthew-pcre...@debian.org
> Usertags: obsolete-pcre3
>
> Dear maintainer,
>
> Your package still depends on the old, obsolete PCRE3[0] libraries
> (i.e. libpcre3-dev).
ln -s with @ instead of -)!
> 1: After every apache upgrade the /usr/sbin/apache2ctl mod needs to be
> performed again!
>
> On Tue, 6 Jul 2021 09:47:09 +0200 Michiel Hazelhof
> wrote:
>
>> Made two small tweaks to hopefully mitigate this behaviour:
> ... Do not follow this post anymore!
Hi,
could you push a merge request ?
Cheers,
Yadd
Control: tags -1 + moreinfo
Hi,
I'm unable to reproduce this issue, package apache 2 contains
default-ssl.conf and autopkgtest succeeded to start apache2.
Le 09/07/2021 à 13:12, Stadtsholte, Ingo a écrit :
> Package: apache2
>
> Version: 2.4.38-3+deb10u4
>
>
>
> After minor updating my Apache Installation to the above Version,
> AuthType in Directory directive only affects to DirectoryIndex, not to
> all other files/subdirectories
>
>
>
>
Le 09/07/2021 à 05:04, Thorsten Glaser a écrit :
> Thanks Adam for the analysis!
>
>> To stop the mails from logrotate, could you please change back:
>> - invoke-rc.d apache2 reload
>> + invoke-rc.d apache2 reload > /dev/null 2>&1
>>
>> otherwise, people running Bullseye will
Le 08/06/2021 à 10:51, Yadd a écrit :
> Le 08/06/2021 à 08:25, Yadd a écrit :
>> Le 08/06/2021 à 07:58, Yadd a écrit :
>>> Le 07/06/2021 à 17:34, Salvatore Bonaccorso a écrit :
>>>> Source: apache2
>>>> Version: 2.4.47-1
>>>> Severity: grave
d.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
Hi all,
I can't import the whole patch for Bullseye since it is written for
2.4.47. I think the best solution is to import the w
ce (updated in real time), it
uses information from cve.mitre.org:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452
This issue is fixed in 2.2.16-1. 2.2.* versions are so old that some
information are missing, but 2.2.19-3 wasn't a Debian version (see
http://snapshot.debian.org/package/apache2/). So there is probably a
typo in criterion.
Cheers,
Yadd
ckports for Bullseye
* maybe Debian backports for Buster (buster-backports-sloppy)
Cheers,
Yadd
would also have the benefit that people could use APACHE_CONFDIR
> in their configs if they want to make paths relative to it, where the
> directive doens't use non-absolute paths per default relative to
> ServerRoot.
Hi,
could you propose a patch?
Cheers,
Yadd
23 matches
Mail list logo