Re: Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709

To: debian-lts@lists.debian.org
Subject: Re: Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
From: Yadd <yadd@debian.org>
Date: Fri, 19 Apr 2024 08:27:51 +0400
Message-id: <[🔎] d7da8001-aacc-4a6b-8046-c758d3f1402d@debian.org>
In-reply-to: <[🔎] e27810e6f1bd0121078b8d381acb36bd3b74bc01.camel@debian.org>
References: <Zg72lho/Sw657Uq7@pisco.westfalen.local> <0a324655-b9e2-49a0-b7d8-efd0da7e843f@debian.org> <ZiADgxqtUQl3Npq0@pisco.westfalen.local> <[🔎] 7adc6f45-a4af-4a36-a854-b2eb01641d6d@debian.org> <[🔎] e27810e6f1bd0121078b8d381acb36bd3b74bc01.camel@debian.org>

On 4/18/24 22:26, Markus Koschany wrote:

Hi,

Am Donnerstag, dem 18.04.2024 um 12:15 +0400 schrieb Yadd:


   - update Buster/apache2 to 2.4.59-1~deb10u1. I prepared a branch:
     buster-security-follow-upstream (to be tested)


I believe this is the safest and best way to address those problems in Buster.

Regards,

Markus

If someone wants to test it, I built packages for amd64 here:https://people.debian.org/~yadd/apache/ , build and autopkgtest are OK


If nobody disagree, I will push this on Buster LTS next week.

Best regards,
Yadd

Reply to:

Follow-Ups:
- Re: Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
  - From: Yadd <yadd@debian.org>

References:
- Re: Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
  - From: Yadd <yadd@debian.org>
- Re: Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
  - From: Markus Koschany <apo@debian.org>