Your message dated Thu, 01 Jan 2026 13:02:25 +0000 with message-id <E1vbIJt-0000000AmGz-1iP4@fasolo.debian.org> and subject line Bug#1121926: fixed in apache2 2.4.66-1~deb12u1 has caused the Debian Bug report #1121926, regarding apache2: CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1121926: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2: CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 04 Dec 2025 21:12:45 +0100
- Message-id: <176487916596.668326.432902117290093049.reportbug@eldamar.lan>
Source: apache2 Version: 2.4.65-2 Severity: important Tags: security upstream X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org> Hi, The following vulnerabilities were published for apache2. CVE-2025-55753[0]: | mod_md (ACME), unintended retry intervals CVE-2025-58098[1]: | Server Side Includes adds query string to #exec cmd=... CVE-2025-65082[2]: | CGI environment variable override CVE-2025-66200[3]: | mod_userdir+suexec bypass via AllowOverride FileInfo If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-55753 https://www.cve.org/CVERecord?id=CVE-2025-55753 [1] https://security-tracker.debian.org/tracker/CVE-2025-58098 https://www.cve.org/CVERecord?id=CVE-2025-58098 [2] https://security-tracker.debian.org/tracker/CVE-2025-65082 https://www.cve.org/CVERecord?id=CVE-2025-65082 [3] https://security-tracker.debian.org/tracker/CVE-2025-66200 https://www.cve.org/CVERecord?id=CVE-2025-66200 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---
- To: 1121926-close@bugs.debian.org
- Subject: Bug#1121926: fixed in apache2 2.4.66-1~deb12u1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 01 Jan 2026 13:02:25 +0000
- Message-id: <E1vbIJt-0000000AmGz-1iP4@fasolo.debian.org>
- Reply-to: Yadd <yadd@debian.org>
Source: apache2 Source-Version: 2.4.66-1~deb12u1 Done: Yadd <yadd@debian.org> We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1121926@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd <yadd@debian.org> (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 05 Dec 2025 19:54:44 +0100 Source: apache2 Architecture: source Version: 2.4.66-1~deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Yadd <yadd@debian.org> Closes: 1121926 Changes: apache2 (2.4.66-1~deb12u1) bookworm; urgency=medium . * Team upload * New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200) * Update test framework Checksums-Sha1: 42573dfbd51f6ab9c916fc900b2033a45afb6f41 3559 apache2_2.4.66-1~deb12u1.dsc 9a2de37ab3a9e4603a0a98f4e2255a6bfed005d4 9828043 apache2_2.4.66.orig.tar.gz a0525bf2f2f51a508b61d7d78e3dca19276de0d0 833 apache2_2.4.66.orig.tar.gz.asc abde516853aa8920c777654537708269fd4fc161 823552 apache2_2.4.66-1~deb12u1.debian.tar.xz Checksums-Sha256: 5ce3d088af4de289c51930ed2608e3b0dac3d1d2201f3046e2685fae12076e6a 3559 apache2_2.4.66-1~deb12u1.dsc 442184763b60936471b88a91275f79d2407733b7aac27e345f270e8bc31c3d49 9828043 apache2_2.4.66.orig.tar.gz d39cdcb8d723e3c5bd4edc1e248d52c4fd352fb10eeda91cae973b12325605bc 833 apache2_2.4.66.orig.tar.gz.asc 7c304ca6549f504144fcf728880639f30c17262aa4eb4db0bf6f0ab59a32bf4b 823552 apache2_2.4.66-1~deb12u1.debian.tar.xz Files: f4ffec9f17d71ecd2bdd2045c1c246f9 3559 httpd optional apache2_2.4.66-1~deb12u1.dsc 91b20bb90cf7d1eeb225e5b7246ce93d 9828043 httpd optional apache2_2.4.66.orig.tar.gz 2823799bf1d4b8e771a672d1d6f6ce60 833 httpd optional apache2_2.4.66.orig.tar.gz.asc 9b34b2d385c936d9c31603c8d0477e4f 823552 httpd optional apache2_2.4.66-1~deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmlQ/10ACgkQ9tdMp8mZ 7ukx9g/8DxkZUuMRExuWWjOcnUjlhNWlvkmcIYVVRg3vR/qctXMN21Tcg+vzYKlo 4RIp97DjHxVlysPIDnnkobniruJtWzQqY3ovPMK+7lnCXkslyQo/XjMoXM8tDDH5 j+QFJKrKIsB+hqtZA2xMs2I6FAHMloqVaMzC8IlohfFVReKyq30VRQOOzWSoue7l Jihc1eI8us2C0YAU23eS0pxshykfKAwdhuakr3PkDUxU3WbB8E6Wd8VMtGBhSzv3 vV2+GWlEob83yDMkT3vZPhyr6nfoHAkXwtiYpCzJz/d0IepgH3qha1h9crcM1mHa AaKhj8G5WY+5UMYeJFK2K5T/PuDOaxe4kh1e22QMQFbi5DUr9uWTlbluKwJM+Njk z298SJ0onodSLO8sG0dSlzK6Csszj9gbpP3W3sUrvHpCkEmRiG0XI5YDXKL2jgb1 P86Clxn8MwtFm6lAukDCr6R8cPWwj+uS0+T01NcwwveHT576LQj/Du1SNeI9d1B0 GGFe8THGmfMcfxkhLdLfBCDL2mCz82D94dlWO6+WzpRSIoW8ibFpkAWoo3J3w+G4 GL8UWpAZz2c89A5j09u9WJQODgkpkbteSQznASEeW5pytR22545pWAmc1SyCCQb/ deodEM6oA3EBd7M1hPJOkUUM2c8swnA6wW5xPkr07Ogrkp3He44= =IzYe -----END PGP SIGNATURE-----Attachment: pgpPNgnb5wPqS.pgp
Description: PGP signature
--- End Message ---