Your message dated Thu, 01 Jan 2026 11:32:05 +0000 with message-id <E1vbGuT-0000000AVan-2DSI@fasolo.debian.org> and subject line Bug#1121926: fixed in apache2 2.4.66-1~deb13u1 has caused the Debian Bug report #1121926, regarding apache2: CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1121926: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2: CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 04 Dec 2025 21:12:45 +0100
- Message-id: <176487916596.668326.432902117290093049.reportbug@eldamar.lan>
Source: apache2 Version: 2.4.65-2 Severity: important Tags: security upstream X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org> Hi, The following vulnerabilities were published for apache2. CVE-2025-55753[0]: | mod_md (ACME), unintended retry intervals CVE-2025-58098[1]: | Server Side Includes adds query string to #exec cmd=... CVE-2025-65082[2]: | CGI environment variable override CVE-2025-66200[3]: | mod_userdir+suexec bypass via AllowOverride FileInfo If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-55753 https://www.cve.org/CVERecord?id=CVE-2025-55753 [1] https://security-tracker.debian.org/tracker/CVE-2025-58098 https://www.cve.org/CVERecord?id=CVE-2025-58098 [2] https://security-tracker.debian.org/tracker/CVE-2025-65082 https://www.cve.org/CVERecord?id=CVE-2025-65082 [3] https://security-tracker.debian.org/tracker/CVE-2025-66200 https://www.cve.org/CVERecord?id=CVE-2025-66200 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---
- To: 1121926-close@bugs.debian.org
- Subject: Bug#1121926: fixed in apache2 2.4.66-1~deb13u1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 01 Jan 2026 11:32:05 +0000
- Message-id: <E1vbGuT-0000000AVan-2DSI@fasolo.debian.org>
- Reply-to: Yadd <yadd@debian.org>
Source: apache2 Source-Version: 2.4.66-1~deb13u1 Done: Yadd <yadd@debian.org> We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1121926@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd <yadd@debian.org> (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 05 Dec 2025 19:52:34 +0100 Source: apache2 Architecture: source Version: 2.4.66-1~deb13u1 Distribution: trixie Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Yadd <yadd@debian.org> Closes: 1121926 Changes: apache2 (2.4.66-1~deb13u1) trixie; urgency=medium . * Team upload * New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200) * Update test framework Checksums-Sha1: acb98606fc7b4e02be0cbeadfe99cbbcf09bf7d1 3526 apache2_2.4.66-1~deb13u1.dsc 9a2de37ab3a9e4603a0a98f4e2255a6bfed005d4 9828043 apache2_2.4.66.orig.tar.gz a0525bf2f2f51a508b61d7d78e3dca19276de0d0 833 apache2_2.4.66.orig.tar.gz.asc d18807dcfaea45a1ef1ee9a845fd0b1d42094613 827460 apache2_2.4.66-1~deb13u1.debian.tar.xz Checksums-Sha256: fab2538e4f04d341e7243297e79de00f3313e382c606fc9ce39f88510e1844df 3526 apache2_2.4.66-1~deb13u1.dsc 442184763b60936471b88a91275f79d2407733b7aac27e345f270e8bc31c3d49 9828043 apache2_2.4.66.orig.tar.gz d39cdcb8d723e3c5bd4edc1e248d52c4fd352fb10eeda91cae973b12325605bc 833 apache2_2.4.66.orig.tar.gz.asc 55e1fa97dcfdcc3dd84d568e63423d5a1a34cac1517acd72bab0bb0c2586ea05 827460 apache2_2.4.66-1~deb13u1.debian.tar.xz Files: 9e2c7e46507a06fb95393227eb8c2425 3526 httpd optional apache2_2.4.66-1~deb13u1.dsc 91b20bb90cf7d1eeb225e5b7246ce93d 9828043 httpd optional apache2_2.4.66.orig.tar.gz 2823799bf1d4b8e771a672d1d6f6ce60 833 httpd optional apache2_2.4.66.orig.tar.gz.asc 0ad552ee93e923d60b6317b38eccf31f 827460 httpd optional apache2_2.4.66-1~deb13u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmlQ/bkACgkQ9tdMp8mZ 7ukH1g/+IvEu8PC1QjyZsBnSldtg3hyfph+dcjWSuvcN/qL7a8PDADqqX7e5xxSZ 5y0jbY1FlZt2DLahXnd1felawpNZL/hcs0myZPzx9DB+G1SRwqkRYiJ86NevWg6N jOK9PnwZSNOGx2WSk2njZgOMU7ZSVzELt9S6d4/45g+z7NXCJhM3czoLjuUzoimx EUzKQt8FhYy0c5haCNwrZZQP/HgQBxSmYhxINDTYc6wPcqYPn0yXchpl5bKgzMqU qouL5hirtoplsP3bdQzzrzxmZmw46k3Da/axMGJYmhNQ407VbFbM2gq1vPbO5wN1 TtkXMeKm+Tgc16DrAOgmXaz2zbbTttRY39fXKr4WOR16DH3CE7u1HzTZcTbK4MAl 1wcbfIrLVZ7FZBIolVHAnyabp+f1lCq3FVHVXsE7D7ZBG8Xe7yrPu6ub+LY7ZEW3 7ydCVOCzwd3JasKAF9M8qkEVjtd5MB0CQMkzXKhapgit/kuTBJfqiBdFwdrqdVcK vXPkpo/IcUyq6P/hmnbtLw7lE/e3Cpn7G3jFVg/tXdbbsN8VWOVJdSl1mo/i2uDO X4ZO5okGtzOFUfDmS9AGQbD+DYMSPoU3sN7LzMWq+sCxEIMkKwuVgE0mli5JI/Np Nknn+rstszDXk8zPz3m5i7rN3+Drc3nW2pPJpXmVWlQ1aLZ/2Bg= =XXxQ -----END PGP SIGNATURE-----Attachment: pgpc1TWAVygDT.pgp
Description: PGP signature
--- End Message ---