This bug was fixed in the package apache2 - 2.4.66-2ubuntu1
---------------
apache2 (2.4.66-2ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2138379). Remaining changes:
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
d/source/include-binaries, d/t/check-ubuntu-branding: Replace
Debian with Ubuntu on default homepage.
(LP #1966004, LP #1947459)
- d/apache2.py, d/apache2-bin.install: Add apport hook
(LP #609177)
- d/c/m/setenvif.conf: Add dolphin and Konqueror/5 careful redirection so
that directories can be deleted via webdav. (LP #1927742)
- d/debhelper/apache2-maintscript-helper: Allow execution when called from a
postinst script through a trigger (i.e., postinst triggered).
Thanks to Roel van Meer. (Closes: #1060450)
(LP #2038912)
- d/index.html, d/apache2.postrm: Fix https link to apache
documentation.
(LP #2045055)
apache2 (2.4.66-2) unstable; urgency=medium
* Update test framework
* Parallelize tests when more than 3 CPUs are available
apache2 (2.4.66-1) unstable; urgency=medium
[ Laurent Bigonville ]
* Enable systemd module (Closes: #860087).
* debian/apache2ctl: Fix the restart and greceful when using system.
When apache is not running and restart or greceful is called, apache
was running in the user cgroup and system was be confused
(Closes: #927302).
This will also avoid to leak fd to apache
(Closes: #713967).
[ Helmut Grohne ]
* Fix FTCBFS: (Closes: #913094)
+ Annotate perl build dependency with :any.
+ cross.patch: Use AC_PATH_TOOL to find pkg-config.
+ Generate server/test_char.h ahead of the build
[ Jason Perrin ]
* Fix packaging steps undo setting of setuid bit
(Closes: #900612)
[ Bastien Roucariès]
* Harden systemd services. Set ProtectSystem=full
ProtectHome=read-only, RestrictSUIDSGID=yes.
This may break read-write CGI script to /home and
WebDaV or other CGI/php/lua uses.
* Move /var/run to /run and /var/lock to /run/lock
* Allow CAP_SYS_CHROOT for chroot
(Closes: #1091855)
* Remove apache2 IPC
[ Moritz Schlarb ]
* Support Rules-Requires-Root: no (Closes: #1105015)
[ Yadd ]
* New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098,
CVE-2025-59775, CVE-2025-65082, CVE-2025-66200)
-- Hector Cao <[email protected]> Wed, 14 Jan 2026 16:39:27
+0100
** Changed in: apache2 (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-55753
** CVE added: https://cve.org/CVERecord?id=CVE-2025-58098
** CVE added: https://cve.org/CVERecord?id=CVE-2025-59775
** CVE added: https://cve.org/CVERecord?id=CVE-2025-65082
** CVE added: https://cve.org/CVERecord?id=CVE-2025-66200
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2138379
Title:
Merge apache2 2.4.66-2 from Debian Unstable for r-series
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2138379/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
