
Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)



Your message dated Sun, 05 May 2024 19:17:41 +0000
with message-id <E1s3hMj-004c4s-Tx@fasolo.debian.org>
and subject line Bug#1068412: fixed in apache2 2.4.59-1~deb11u1
has caused the Debian Bug report #1068412,
regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4

CVE-2024-24795[1]:
https://www.openwall.com/lists/oss-security/2024/04/04/5

CVE-2023-38709[2]:
https://www.openwall.com/lists/oss-security/2024/04/04/3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-27316
[1] https://security-tracker.debian.org/tracker/CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2024-24795
[2] https://security-tracker.debian.org/tracker/CVE-2023-38709
    https://www.cve.org/CVERecord?id=CVE-2023-38709

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.59-1~deb11u1
Done: Yadd <yadd@debian.org>

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1068412@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <yadd@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 05 Apr 2024 16:08:04 +0400
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.59-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Yadd <yadd@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Closes: 1068412
Changes:
 apache2 (2.4.59-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 2.4.58
     (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * Drop 2.4.56-regression patches
   * New upstream version 2.4.59
     (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Install NOTICE files
   * Update test framework
   * Refresh patches


--- End Message ---
