[Bug 2126015] Re: Merge apache2 from Debian Unstable for r-series

Tue, 25 Nov 2025 14:30:38 -0800 

This bug was fixed in the package apache2 - 2.4.65-3ubuntu1

---------------
apache2 (2.4.65-3ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2126015). Remaining changes:
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
      d/source/include-binaries, d/t/check-ubuntu-branding: Replace
      Debian with Ubuntu on default homepage.
      (LP #1966004, LP #1947459)
    - d/apache2.py, d/apache2-bin.install: Add apport hook
      (LP #609177)
    - d/c/m/setenvif.conf: Add dolphin and Konqueror/5 careful redirection so
      that directories can be deleted via webdav. (LP #1927742)
    - d/debhelper/apache2-maintscript-helper: Allow execution when called from a
      postinst script through a trigger (i.e., postinst triggered).
      Thanks to Roel van Meer. (Closes: #1060450)
      (LP #2038912)
    - d/index.html, d/apache2.postrm: Fix https link to apache
      documentation.
      (LP #2045055)
  * Dropped changes:
    - d/p/CVE-2025-54090.patch: fix return code in
      modules/mappers/mod_rewrite.c. (CVE-2025-54090)
      [ Applied upstream in version 2.4.65 ]

apache2 (2.4.65-3) unstable; urgency=medium

  * Change default LANG in envvars from C to C.UTF-8
    (Closes: #787584)
  * systemd service apache2 is aliased to httpd
    (Closes: #915855)
  * document a2* environment files in man page
    (Closes: #880421)
  * Failing test in its test suite
    (Closes: #1107289, LP: #2112429)
  * Restart on-abnormal instead of on-abort
    (Closes: #1106280)
  * Allow triggers to use maintscript helper to restart apache
    (LP: #2038912)

apache2 (2.4.65-2) unstable; urgency=high

  * Fix SSLProtocol has a duplicate "all"
    (Closes: #1109839)
  * Warn about misconfigured load balancer following fix of
    CVE-2025-23048.

apache2 (2.4.65-1) unstable; urgency=medium

  * New upstream version 2.4.65 (Closes: CVE-2025-54090)
  * Unfuzz patch

apache2 (2.4.64-2) UNRELEASED; urgency=medium

  * Per RFC 8996 disable by default TLS 1.0 and TLS 1.1
    (Closes: #943415)

 -- Renan Rodrigo <[email protected]>  Mon, 17 Nov 2025 09:22:55 -0300

** Changed in: apache2 (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2025-23048

** CVE added: https://cve.org/CVERecord?id=CVE-2025-54090

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2126015

Title:
  Merge apache2 from Debian Unstable for r-series

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2126015/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to