-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 04 Oct 2024 15:21:08 +0000 Source: apache2 Architecture: source Version: 2.4.62-1~deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Closes: 1079172 1079206 Changes: apache2 (2.4.62-1~deb12u2) bookworm-security; urgency=medium . * Fix CVE-2024-38474 regression: Better question mark tracking to avoid UnsafeAllow3F (Closes: #1079172) * Fix CVE-2024-39884 regression: Trust strings from configuration in mod_proxy (Closes: #1079206) * Add myself as maintainer with Yadd agreement Checksums-Sha1: 143a7b4d775909fd1474def8314fb180b633aa1d 3584 apache2_2.4.62-1~deb12u2.dsc 60fd03e9558c240293372953d9fe01bf74896bb6 9872432 apache2_2.4.62.orig.tar.gz 198dd91f2a30797a1804043c70923b11a9b9ebf3 833 apache2_2.4.62.orig.tar.gz.asc f467512ed53c7f67b9bfd17d3e46c2fca3dd9ec1 824080 apache2_2.4.62-1~deb12u2.debian.tar.xz 61b4e92290c9813dc599971279d1889910fc7163 12455 apache2_2.4.62-1~deb12u2_amd64.buildinfo Checksums-Sha256: b49ee9734fa951f3f39b9dc734ec21ef2e3e6e54d69f0feda67308f9ed2182d5 3584 apache2_2.4.62-1~deb12u2.dsc 3e2404d762a2da03560d7ada379ba1599d32f04a0d70ad6ff86f44325f2f062d 9872432 apache2_2.4.62.orig.tar.gz 7765403a937dacb562a0eb15ed11ba85f703d10c6bb8b5630591d18876975963 833 apache2_2.4.62.orig.tar.gz.asc b8cebc0018a0c12c78d8052d872b0c9c152c8c91da0d16fee6112cfa15df33f1 824080 apache2_2.4.62-1~deb12u2.debian.tar.xz e771c851a2c3bfe02e20532a37e83d3e8577c107b3de2fe757c832fbebdc15ec 12455 apache2_2.4.62-1~deb12u2_amd64.buildinfo Files: a0319602a93accab10af2a1b2911ddd3 3584 httpd optional apache2_2.4.62-1~deb12u2.dsc 9edaa3bce9534184d505e57d2832b365 9872432 httpd optional apache2_2.4.62.orig.tar.gz 84aecb3166133e56a8cc6d784fc9be64 833 httpd optional apache2_2.4.62.orig.tar.gz.asc 8ccd6dced6a5bddcb0a947d02608eaef 824080 httpd optional apache2_2.4.62-1~deb12u2.debian.tar.xz e670fbd0279dcc617b9455bd26771570 12455 httpd optional apache2_2.4.62-1~deb12u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmcAK64RHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF/5fg//U059ISaETD2QatWMPPW02Iiei7+naY8m XhTes5URshiI9ieHZtOpqBnRpOZBNB1urKMiSOvR9KiUlCrN0Dr+hO9rOs3TBDb1 gd33+d0XBO7NPlcthZUJjMlTh/JHB3sWLGNNgLHEK9/1Qpcti0rTsozwZdilo3Fd DSU7Xg/9fPMFxE6vvDtUgm3kFE1xR5+sjCJvG1vfTY6aa4sTl058ck1I4bhOC6lr Bms5CKFY6OmB5LOusxj5h/LDXDZ2kdNp/+07OamEQejEpoR98Ll06v6VDXeE/y7Z alxc/9opi/ZEoklLw4sCEgUGCRzzbxFcJKr9OvW2Hk8HCJ0j3YszQLJmpXWcZJBq UfQlclU/5tQyE7pt4lCuDXorj7+bV27naP7VFcaEgi1/EQHOjRSM+/1gs48DDzsm UkDwhSnktMWeD9c/cWZL5DAqEuZN++fDcmTGq4x5B6hKMWndVR3SnJ5OJ3cNqIDY Xk90ZTaO8JWwh3FdNeddLe062AuWs9ofhRI4lt+/47cLZjXxVkO7B/oSDk7tJ/oR pVFGyLwcMCksI0IqB0Xbg0SS5C/N1Ow1Ekpzb5tfgiNu4eFvReIQciBD+1/CxRPL 1O88e28wv8x1w2hKlkP8BoZlkOzV50zDbHyj7eAOlWG35MDBF2x+sLhj9RoVUes0 /hMkrYOoUjs= =1ebE -----END PGP SIGNATURE-----