Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)



Your message dated Sun, 05 May 2024 18:47:10 +0000
with message-id <E1s3gtC-004XHe-73@fasolo.debian.org>
and subject line Bug#1068412: fixed in apache2 2.4.59-1~deb12u1
has caused the Debian Bug report #1068412,
regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4

CVE-2024-24795[1]:
https://www.openwall.com/lists/oss-security/2024/04/04/5

CVE-2023-38709[2]:
https://www.openwall.com/lists/oss-security/2024/04/04/3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-27316
[1] https://security-tracker.debian.org/tracker/CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2024-24795
[2] https://security-tracker.debian.org/tracker/CVE-2023-38709
    https://www.cve.org/CVERecord?id=CVE-2023-38709

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.59-1~deb12u1
Done: Yadd <yadd@debian.org>

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1068412@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <yadd@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 16:02:26 +0400
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.59-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Yadd <yadd@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Closes: 1068412
Changes:
 apache2 (2.4.59-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 2.4.58
     (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * New upstream version 2.4.59
     (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Refresh patches
   * Update test framework


--- End Message ---
