Your message dated Fri, 11 Jul 2025 05:05:08 +0000 with message-id <E1ua5wa-002vvT-9c@fasolo.debian.org> and subject line Bug#972695: fixed in apache2 2.4.64-1 has caused the Debian Bug report #972695, regarding apache2: logrotate config should mention the importance for TLS of daily rotation to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 972695: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972695 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2: logrotate config should mention the importance for TLS of daily rotation
- From: Jonas Smedegaard <dr@jones.dk>
- Date: Thu, 22 Oct 2020 19:06:24 +0200
- Message-id: <160338638451.1894225.3544879749260328766.reportbug@auryn.jones.dk>
Package: apache2 Version: 2.4.46-1 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 When using TLS, SSLSessionTickets is enabled by default. SSLSessionTickets need frequent server reloads for Perfect Forward Secrecy, which in Debian is ensured through daily logration. That long chain of logic is not obvious, however, and a system administrator might find it sensible to adjust frequency of logrotation without being aware of the security implications. I strongly recommend to add a comment in the logrotate file warning that if the server uses TLS, then the server should be reloaded at least daily, either through logrotation or by other means. <https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#SSLSessionTickets> - Jonas -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAl+RvA0ACgkQLHwxRsGg ASEF5g//Ue1Inqss8Ryl3WKO4vXcF0BMDAA42kq/GTnoiVROQMb7+fwmGGZmGa30 Qz1sF9neub/5bdg6yYKu99WtTkEHPZDxa0PXhHhQYSLr0hKz7GBgIJ2Zi4qDvQJV /IWvtN6yJf8fWJns3hXOy2UitM7oGGcf/l7r6EmDn9V58o7wsAyrvanaDfBrB/QB QaHZRXnE3cStTZHKZ7NrN0mwzq21w3M/9cnMdZyWWL+LHWd+fLp67KqeCJ9LEsoh wesjxeaPRazz/3+vkpEk6a+VxUbh89O8603dES0ouWl2NPpim7J201ah/kD85Igx EfZhr+ccaMi1j6CSYYGajRxcQ+IJCqGF2HxYyrI3x4Jk8pzv7C4XMQQq86K6gj0u IjSH0feNB/YZ3pZMWYdGLIo+QVEUM87oZksZbaovl1GEdsmt1QUZE9dvDI6qMigV 6XQMLZtuqnfnHT7+nt2z5GVDApI8AUQs1wGe+kqVowbiyxVfj3VDh8FGev1GalnO ZrceW73s70s9wlSCos9RctIBs37Soc5DcfJFPXNzcH0z49vf+y5fVyEMpU+w4llR vaJ0Qz4ZC3wQi6SYWWXawaHB9DgXSX4ywjXYbWUaCGB4sZTjjuukxWpFHuE/7v8G YUgOvlA5eCl6hGD0MgGexRMDC6pb8kcC5reNiF9DqY5KbDGE858= =w4os -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
- To: 972695-close@bugs.debian.org
- Subject: Bug#972695: fixed in apache2 2.4.64-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 11 Jul 2025 05:05:08 +0000
- Message-id: <E1ua5wa-002vvT-9c@fasolo.debian.org>
- Reply-to: Yadd <yadd@debian.org>
Source: apache2 Source-Version: 2.4.64-1 Done: Yadd <yadd@debian.org> We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 972695@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd <yadd@debian.org> (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 11 Jul 2025 06:37:48 +0200 Source: apache2 Architecture: source Version: 2.4.64-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Yadd <yadd@debian.org> Closes: 972695 1107049 1108897 Changes: apache2 (2.4.64-1) unstable; urgency=medium . [ Yadd ] * Add libanyevent-websocket-client-perl in test-suite dependencies * Add build dependency to libcrypt-dev (Closes: #1107049) * Update d/ch * Drop old and useless build helper (Closes: #1108897) * New upstream version 2.4.64 (Closes: CVE-2025-23048, CVE-2024-42516, CVE-2024-43204, CVE-2024-43394, CVE-2024-47252, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020) * Unfuzz patches . [ Jo ] * Adapted comment for SSLSessionTickets (Closes: #972695) Checksums-Sha1: 658495411267a5e4eeccf93ff47e1f19c4e5464a 3494 apache2_2.4.64-1.dsc 8d13febd744e3d2d771902818f87f3f741088b61 9590595 apache2_2.4.64.orig.tar.gz ebe55de5501a4bfc40e39c272c80e729abb13eef 833 apache2_2.4.64.orig.tar.gz.asc bcb5d8a8d3efbbc52855fbfa3b3bd6f555d005c9 823676 apache2_2.4.64-1.debian.tar.xz Checksums-Sha256: c6970bf0fcd46ec029dca7b438a4c86ce02cf7c60893f399f8330ad342cd7f3d 3494 apache2_2.4.64-1.dsc 5802224a30846f1471d19451a21f0274ad7f193169b9dc01ac56e53e554f63a3 9590595 apache2_2.4.64.orig.tar.gz b4533960931b044992832688a82af6441e918f544cd367b7ac9016f092b2c191 833 apache2_2.4.64.orig.tar.gz.asc 0259b138534fc935ab6bcd44031a204550cc2a2b73fb92a126eb978eb5639ca6 823676 apache2_2.4.64-1.debian.tar.xz Files: 666cb19db753ae85da171bf22b4ebef5 3494 httpd optional apache2_2.4.64-1.dsc b3e7749bb4a5adcf3cec31d919b953b0 9590595 httpd optional apache2_2.4.64.orig.tar.gz 52a5dae02ddf9860e0c449fa019bb968 833 httpd optional apache2_2.4.64.orig.tar.gz.asc 885cb57dd58fc0763e2e52bdd95869c9 823676 httpd optional apache2_2.4.64-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmhwlmwACgkQ9tdMp8mZ 7um7Cw/+K5w/hUOdD9IW/MbFdjPYBtGpBGxi3MnYjD4V0vTclSf2eeJVZBRh4ZQv thIGHLy4++F4LnWcQ1ol3cYAKuKHOvURygt4XXOwNH8YXHRWrCcnWOJHj5D+17+j +43fVRcx6lFN1g26YqINIjWlMu+yD1scZF5H1LlxZrLNMBrHRJtYbSRE61zERKqk 9hq52Rp1fP4mFvpwvGuP5qCYJKnSHd2igSp+KGhgI8VDWqgxBXMu4QMTP3IjsNo+ XtrXOWJGPBNRU1+cUhMI1de3bLemF58ceiwJE7qiqrlZQ43+sBRIn1ksHESRSABP seTVrM8fhu5fQl8KBqDj2s8qaSN3d6PWyhos+WKaf3Pq3a/tpJro0uDtcNn2JaB8 oYNZOIul2ZRzMFmENOkmdsBq111w8jxkHxpZkQjY2SSMMryLePQWs4PIxnOrHRAP ZNzRdpELSlKY6LlROX+uBLwAZPBmsOWXG4+/34otT4BeLdOKPGGfkmOkFauzpDjL yxitUSWYCaWV8a8YjW29dDgFd9jv2FvkZ2Zx46lG48aeixAoDG9J8UBPtidwXVrT 8kIf7nu0OT4eR2AoOt/xiqGXvD/+0nlUeR3XJxrkSb07mZXNvsnMIihcEYcsYbHU q1LMG5d3NqIlbxkRwB4zo7noBNX7VlZFiahvgIBUbv6nwpxGxOU= =GSaT -----END PGP SIGNATURE-----Attachment: pgp35qPObof1_.pgp
Description: PGP signature
--- End Message ---