-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2026 12:55:53 +0200
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: amd64
Version: 2.4.67-1~deb12u3
Distribution: bookworm-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) <buildd_amd64-x86-conova-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.67-1~deb12u3) bookworm-security; urgency=medium
 .
   * Fix CVE-2026-49975 (HTTP/2 Bomb)
     The bomb targets HPACK, HTTP/2's header compression
     scheme: one byte on the wire becomes one full header
     allocation on the server, repeated thousands of times
     per request. The hold is a zero-byte flow-control
     window that keeps the server from ever freeing any of it.
Checksums-Sha1:
 23055e89079dbc0cd53fde44e5dcde0ca8037b61 3768988 apache2-bin-dbgsym_2.4.67-1~deb12u3_amd64.deb
 f9e668147cb04515640d4d86ca1aa0d682e918ab 1402588 apache2-bin_2.4.67-1~deb12u3_amd64.deb
 0adc724d048b6cb3f5c7c23664f5631b599b41d4 323076 apache2-dev_2.4.67-1~deb12u3_amd64.deb
 dcea30153b7eea7cb03e9a267379193e21e20acf 3140 apache2-ssl-dev_2.4.67-1~deb12u3_amd64.deb
 b0bcee915dba51a0f84ff4f619790501a954672f 12392 apache2-suexec-custom-dbgsym_2.4.67-1~deb12u3_amd64.deb
 a7200a0424a75c86f7e427619c86a0e49c0eaa41 150556 apache2-suexec-custom_2.4.67-1~deb12u3_amd64.deb
 a3d9f85acd75696af472ad6b007993ad4a60b088 11216 apache2-suexec-pristine-dbgsym_2.4.67-1~deb12u3_amd64.deb
 266835827edbd3a6fd20c5a0812cb1ebb70959be 149000 apache2-suexec-pristine_2.4.67-1~deb12u3_amd64.deb
 7eb1fa5ea106785b4552093e9ff63f62febc6de7 115840 apache2-utils-dbgsym_2.4.67-1~deb12u3_amd64.deb
 96d865671ab3e7244c60b7a124fe78ea06b04659 216464 apache2-utils_2.4.67-1~deb12u3_amd64.deb
 75a44297ff88a3993bdbfd3a4d9fedfa682ef973 11885 apache2_2.4.67-1~deb12u3_amd64-buildd.buildinfo
 797def45af551669535146e4fb794ee343ae37c9 231036 apache2_2.4.67-1~deb12u3_amd64.deb
 90b6801b6d23de997dc08d80fd2f12e63730123c 956 libapache2-mod-md_2.4.67-1~deb12u3_amd64.deb
 186d02114c39afd6093a97c305bf74412bb8f8db 1136 libapache2-mod-proxy-uwsgi_2.4.67-1~deb12u3_amd64.deb
Checksums-Sha256:
 e8ad37206b4c676b1ed0ef22f5485292829c78c31b87bf916f2d6892a8b43690 3768988 apache2-bin-dbgsym_2.4.67-1~deb12u3_amd64.deb
 e5035727e9aeefe550787c53d854af7960047193eb7f92f3f0430a6175539478 1402588 apache2-bin_2.4.67-1~deb12u3_amd64.deb
 2e96e0acbb520e70a899f9104325e60b9de8417c966ee9cf814671feb3f36f7a 323076 apache2-dev_2.4.67-1~deb12u3_amd64.deb
 ce48d380d28770c2ece8769301beec334b30ae9637f58c0eb0ad947d06249149 3140 apache2-ssl-dev_2.4.67-1~deb12u3_amd64.deb
 c412eeb9fc301ff6ab2567fc03f63130eea9d2b4c8629657de0447e92a76609e 12392 apache2-suexec-custom-dbgsym_2.4.67-1~deb12u3_amd64.deb
 556630d79fb5c7ffb2e2a04bb07c6ec164d21a2d151bac2376593d6a1727e323 150556 apache2-suexec-custom_2.4.67-1~deb12u3_amd64.deb
 313d351ae201f152e45a037f8b5b837ba62d6d7b7846de749ac50c77574ae441 11216 apache2-suexec-pristine-dbgsym_2.4.67-1~deb12u3_amd64.deb
 11aa52e2a1fa4c604d8433cca0c9227d00a9fa0211c93685dec4a941b425ae92 149000 apache2-suexec-pristine_2.4.67-1~deb12u3_amd64.deb
 262033cd4d4f27874c641e1da6105795549c0fb8cd93e2d2d8721a007702b714 115840 apache2-utils-dbgsym_2.4.67-1~deb12u3_amd64.deb
 7dd2b14e3888647b246b2d5c0662ad71023b77968387b69b04096d95a9230c9a 216464 apache2-utils_2.4.67-1~deb12u3_amd64.deb
 91153ff9cc071ae0225cce6a936b41a1e90e5d6182fec7bd0edd8e479fdeb6be 11885 apache2_2.4.67-1~deb12u3_amd64-buildd.buildinfo
 1fffd7c6f68f82e47d20607254fe9fb9a1fec463475e981a4a50d652eb9f289b 231036 apache2_2.4.67-1~deb12u3_amd64.deb
 464cdbcf4df0545457ff1866dbbfd8b5ef9abf82f159c1ced201679a6d02376f 956 libapache2-mod-md_2.4.67-1~deb12u3_amd64.deb
 7975b42b97824633f49860695de2d608d13fc306e87727335465be55aa4e8966 1136 libapache2-mod-proxy-uwsgi_2.4.67-1~deb12u3_amd64.deb
Files:
 b7dd0fb432f8f190f7ffa5df86e3e0c3 3768988 debug optional apache2-bin-dbgsym_2.4.67-1~deb12u3_amd64.deb
 bf666c54ce8139dd8b5956300dd77f62 1402588 httpd optional apache2-bin_2.4.67-1~deb12u3_amd64.deb
 6dd6081aaa4eb6a75c9fe10d87697041 323076 httpd optional apache2-dev_2.4.67-1~deb12u3_amd64.deb
 a0c603e9ba5f901a9a2b05d37ac4b268 3140 httpd optional apache2-ssl-dev_2.4.67-1~deb12u3_amd64.deb
 c56de4799521bd81342fc8001508f34f 12392 debug optional apache2-suexec-custom-dbgsym_2.4.67-1~deb12u3_amd64.deb
 22e68069b4a32f552ec32658a4aff239 150556 httpd optional apache2-suexec-custom_2.4.67-1~deb12u3_amd64.deb
 180db80dab35468c6639fa3e1e686f38 11216 debug optional apache2-suexec-pristine-dbgsym_2.4.67-1~deb12u3_amd64.deb
 7cde45589a4409a2e9b68dabda8a2064 149000 httpd optional apache2-suexec-pristine_2.4.67-1~deb12u3_amd64.deb
 6944f82acde8db6e3ff45dabe79429c9 115840 debug optional apache2-utils-dbgsym_2.4.67-1~deb12u3_amd64.deb
 1f99437e9d6a333806c0cb8594e244d2 216464 httpd optional apache2-utils_2.4.67-1~deb12u3_amd64.deb
 57c16aefb75cc4e0049446d4feb80157 11885 httpd optional apache2_2.4.67-1~deb12u3_amd64-buildd.buildinfo
 a340c38457966e3b1dd2af44b228503a 231036 httpd optional apache2_2.4.67-1~deb12u3_amd64.deb
 498cc1917015de1265f7d3b53462a62b 956 oldlibs optional libapache2-mod-md_2.4.67-1~deb12u3_amd64.deb
 4bc30b2a2725ed9d37d60941ed636061 1136 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.67-1~deb12u3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+i/sCsF3puL4e7qIGNGWmfrqILEFAmokEvsACgkQGNGWmfrq
ILG57A/8DWfaw9koLACUiInnhCKi8Vl1ho2OD3XiqNxVep/EXXhF6uuRl7OWQsVN
E4PbfiEQlu5+qTBCiTOFEH6U2gYRLN9S74eitv4CgLnoV1ooVYQBu5xcQDeZsPzd
5WLtP1PIqHiD1qv0fQWH1ELhPkT2Q64ogIq+gcWb5A3YezP3s5ASBqMzLuVB5MbW
w0mJBuZd+w1oi/jUXqFiwFaVM3TFZ7sVByERAnqvgRDhKikRvNtaNoMZf1DZlIN6
mDkvJemDBFXkV/gIBxpX9Tkr9NeXcozWXoI+bfM+s9zFz6dz1EqA1kDHMXx5hLUa
FGwScKVgwJ7dN66n4DkD9ZVhvCwUk5aRU93Ew3i0u8pdf3O9en8hrwgz+6hxvmou
Bvpott9fgglnpFFtl7zt0buXxN9UcXJ23ijLORjkW8JA+cj+nQ8gAWFkXbRX08i9
jR07qBLu2piYirFnEuCCIc6njRDzxBSTtmNmt47uiWwNMxPW3smALgn7nRws71LR
wR8EG86909ym/i4U/nc/tls3dUyTVTxxiVCKvgg2cea/gEVAb0FZBsqiJrygv9SO
6R3k5Oe5jnC/sbMB9l2r2nk7kkpJEqzJDEIYqNd478ionGXQ8KvHoYEX8gGMavkL
hYhx97ABNSCwaieo2hQxDhrURyVWxp0uIVwvJoBdCyhStYiIOTc=
=Faep
-----END PGP SIGNATURE-----