[SECURITY] [DLA 4158-1] fossil security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4158-1] fossil security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Fri, 9 May 2025 14:24:35 +0200
Message-id: <[🔎] aB30Awf9Y3x5UxUP@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4158-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
May 09, 2025                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : fossil
Version        : 1:2.15.2-1+deb11u1
Debian Bug     : 1070069

Fossil is all-in-one DSCM (Distributed Software Configuration
Management) with built-in bug tracking, wiki and web interface.
Following the fix for CVE-2024-24795 for apache2, the fossil HTTP
client could no longer clone remote Fossil repositories hosted on
fixed Apache servers.

For Debian 11 bullseye, this problem has been fixed in version
1:2.15.2-1+deb11u1.

We recommend that you upgrade your fossil packages.

For the detailed security status of fossil please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fossil

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmgd85UACgkQDTl9HeUl
XjAasA//WsptQtyAjjvvorCvZ9qPMNVu6WAqmsYpYEWILMIhPg64gSiDblUx2y8q
WMygMgSAOZS9kbs837Jg/n80ffGK9+nU6u0bsvLTzgvAChc0tEj1KS7KdRFvtw1B
UE11/Ou1vzK7T6csmg9bEuzxOWl92l/JwrpiM/zu96Jpj4UKlr59DktSwFIOyHXj
W8OZ2pbh9R3+5iQH9qb4mu2kkS9FE39dO/FXvFrKZnBnVTCHyPgAYFy/nYgBgEnK
RhBY75Lf6u2OLAurt8tAiZ2sfoq+XkUpcmuNJlG2hXrgiroZ6bo/8jXWFU1UXLqY
sn7uER9UsywzWot+lXjoHygWgZA9Z7teP3f3iRaUewDmmouMj2jzygFkMa2It9X/
K8o2on01iflro/PRFWgdBsOUHR4UNMZuwS0H1RH0yLbs2affrbb7x13e+eEzU2Gf
dkJpEu+TersG3gtFJLvtnqVpEYVvY7EGazhWLrAUT5kUaMCwNveANrPCJIEC90fR
5PPZeTW7VOOTCFXPjtN3OTKSWgwa5pAaYbWQmVOa8GoCqFcwycA98TY0rkXK0+cF
bYoJq61vvRPgLdXnjLumFlS9nwSGimgzZW3nBn6DU+W+WNuzPbm2dZhn4R67HnTs
+MwsN5463oJ6z5U+xfN3Ihki+BbxTPiR1UXV1wDG29DhWJEPP/k=
=dLQk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4157-1] request-tracker4 security update
Next by Date: [SECURITY] [DLA 4159-1] postgresql-13 security update
Previous by thread: [SECURITY] [DLA 4157-1] request-tracker4 security update
Next by thread: [SECURITY] [DLA 4159-1] postgresql-13 security update
Index(es):
- Date
- Thread