-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2026 12:55:53 +0200
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: arm64
Version: 2.4.67-1~deb12u3
Distribution: bookworm-security
Urgency: medium
Maintainer: arm64 Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.67-1~deb12u3) bookworm-security; urgency=medium
 .
   * Fix CVE-2026-49975 (HTTP/2 Bomb)
     The bomb targets HPACK, HTTP/2's header compression
     scheme: one byte on the wire becomes one full header
     allocation on the server, repeated thousands of times
     per request. The hold is a zero-byte flow-control
     window that keeps the server from ever freeing any of it.
Checksums-Sha1:
 bcb2c74bf48c4f3e81f9b74b1e594128199b8d9b 3773564 apache2-bin-dbgsym_2.4.67-1~deb12u3_arm64.deb
 19a9e2b1a8d6d2a61b8270c2381a0f31ac80fbb2 1292168 apache2-bin_2.4.67-1~deb12u3_arm64.deb
 a743196e3a2ed17e79f3c4424a641c1dac0a1c1b 323084 apache2-dev_2.4.67-1~deb12u3_arm64.deb
 9d5fe830df1f91ca2c67d11f2fad5662543ce7d5 3140 apache2-ssl-dev_2.4.67-1~deb12u3_arm64.deb
 8be406642b5c9365b1b9c857a738669352b39676 12484 apache2-suexec-custom-dbgsym_2.4.67-1~deb12u3_arm64.deb
 26f6169954323a012652e4049069495a28cd109a 150356 apache2-suexec-custom_2.4.67-1~deb12u3_arm64.deb
 c623e8dbe177f4b94909285552c752d88131786b 11340 apache2-suexec-pristine-dbgsym_2.4.67-1~deb12u3_arm64.deb
 a769976d7d0bfd8bb5e5645989d5c78353b5193a 148832 apache2-suexec-pristine_2.4.67-1~deb12u3_arm64.deb
 22800cc99274abde66d56ed23f902997703e08ef 117692 apache2-utils-dbgsym_2.4.67-1~deb12u3_arm64.deb
 be97b8019920a29d29e5a0c9b8dbc57615365f03 213524 apache2-utils_2.4.67-1~deb12u3_arm64.deb
 d5ff40729794409333ef3061f04fd291da49bc51 11900 apache2_2.4.67-1~deb12u3_arm64-buildd.buildinfo
 dd1da742dd327e2e5d3a82b51744bddb46edfe2d 231036 apache2_2.4.67-1~deb12u3_arm64.deb
 337eab8a600b43285fa7297cd1111c300f36b55c 956 libapache2-mod-md_2.4.67-1~deb12u3_arm64.deb
 656fa68510725a8ced9b1d15acf06a1375d2df06 1136 libapache2-mod-proxy-uwsgi_2.4.67-1~deb12u3_arm64.deb
Checksums-Sha256:
 081dce14f579fde38e74a39b44f1cac59fef1afd1801aa36aa97c56e769ccc71 3773564 apache2-bin-dbgsym_2.4.67-1~deb12u3_arm64.deb
 86662e2b560d5abef42fb4900b04565f1175df6b48107a04910a3508f9cd0913 1292168 apache2-bin_2.4.67-1~deb12u3_arm64.deb
 7efc3e18af7ef536061f5c15e96aa0489bc60c07ac638b7c2e813022ccfeae2f 323084 apache2-dev_2.4.67-1~deb12u3_arm64.deb
 010eaa7fcfdc9ee3d345b18d6710c25d75e83a383eba21c6a12de54e60c00d8b 3140 apache2-ssl-dev_2.4.67-1~deb12u3_arm64.deb
 541137f983c683d14a8d909e289e87d3d275adf47483258b43e28249960df31b 12484 apache2-suexec-custom-dbgsym_2.4.67-1~deb12u3_arm64.deb
 6e5a72165564b8ab50ad344ce89babb88730a358bbd99622f3e01fbd707aef30 150356 apache2-suexec-custom_2.4.67-1~deb12u3_arm64.deb
 2d87c83be6157d413b637336ec0a094422fd38830192bdbf6b1357e8891d54a6 11340 apache2-suexec-pristine-dbgsym_2.4.67-1~deb12u3_arm64.deb
 357c449efd1dd41303976bd32af3a6c33a002c5224a33ebe5980ba385d7a03be 148832 apache2-suexec-pristine_2.4.67-1~deb12u3_arm64.deb
 2a26db48358b023c3cae65ca5bfa08257dda14d931ccebf724c1a27ba17b9a2d 117692 apache2-utils-dbgsym_2.4.67-1~deb12u3_arm64.deb
 d30da7c30bdddb10b8b3ebc075071517e5795c6e997a6edb9513caf48ffe08e0 213524 apache2-utils_2.4.67-1~deb12u3_arm64.deb
 1adfbc96b1c725240ece2dad8b83eeba85af19104b5fb8b905f422c7775fdf51 11900 apache2_2.4.67-1~deb12u3_arm64-buildd.buildinfo
 5c7863e55533a1b3a6936a51801c34168f82e63a6ec02a30ff8d261b49dc4bfe 231036 apache2_2.4.67-1~deb12u3_arm64.deb
 07d054f11403bd3761556614c797b8653e96bb1d44a11dc6a4fc2474bb2ea28b 956 libapache2-mod-md_2.4.67-1~deb12u3_arm64.deb
 00299eeb751d0441b0d3c7e5b0c92e32a534c0d010898fff4c8f47a6f14c9a39 1136 libapache2-mod-proxy-uwsgi_2.4.67-1~deb12u3_arm64.deb
Files:
 4a76929a395f94d1ad549f2d8269bdc0 3773564 debug optional apache2-bin-dbgsym_2.4.67-1~deb12u3_arm64.deb
 c9264e4a34ce80116f03547a45c45c22 1292168 httpd optional apache2-bin_2.4.67-1~deb12u3_arm64.deb
 defb25f35fb0132913a133e64bae2a3b 323084 httpd optional apache2-dev_2.4.67-1~deb12u3_arm64.deb
 5dc8807e4b0dfc78244c8e1e2251b123 3140 httpd optional apache2-ssl-dev_2.4.67-1~deb12u3_arm64.deb
 4a889c6381b8948a4e59859d5118ba69 12484 debug optional apache2-suexec-custom-dbgsym_2.4.67-1~deb12u3_arm64.deb
 65d510f9066040c0c6496cb24dcb909d 150356 httpd optional apache2-suexec-custom_2.4.67-1~deb12u3_arm64.deb
 824ab753aaa02ab420c090a845e5698a 11340 debug optional apache2-suexec-pristine-dbgsym_2.4.67-1~deb12u3_arm64.deb
 5a311310c9420d735bd011d21b2a344d 148832 httpd optional apache2-suexec-pristine_2.4.67-1~deb12u3_arm64.deb
 f1c6679d6b496c9f3ef03afb558ee888 117692 debug optional apache2-utils-dbgsym_2.4.67-1~deb12u3_arm64.deb
 08acc0697e85aedfea953e961e14a913 213524 httpd optional apache2-utils_2.4.67-1~deb12u3_arm64.deb
 6c630d236a0859e6ddcd78ce47fb5727 11900 httpd optional apache2_2.4.67-1~deb12u3_arm64-buildd.buildinfo
 b425c32287673030c1afdccbfc4000ae 231036 httpd optional apache2_2.4.67-1~deb12u3_arm64.deb
 36349456a7f17705dfa3a76b62a78a65 956 oldlibs optional libapache2-mod-md_2.4.67-1~deb12u3_arm64.deb
 65bf42e9767130173ea651842102bb80 1136 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.67-1~deb12u3_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmokEugACgkQScpU3dYu
lLiogQ//fMlYwISxOjaC8eObx1GlEY5bHyv3vncuU9YIAb6KHdvUqFvWTEaBQLZs
IZ1TbRKMmBQwyyg8XHI+/1UzDro7r3noARDETBAwZmGvFy5SFPEImPMZtaZFuaVB
nqXnuVSU4igVJGei5Hym7ZJX5k2wdYmrEvLyl9An/mEWrbVmlND+nUgL6UqJ5wSR
pBdUTQUY1oF+v9qegS8uxB/uWA28dyrIoUbR1WpVEKkl7M5qwRElq9vnY8PNDKpE
tIS7W0HeQsp+pZgpFuA2DcUEC2K0n7hPZGw/Q3AaDEQkgRi0gDRPezxX1f5aiDDj
WMYd7KKyF+LTq/cvywa8+ebNugS58p0+STcZS6X0hzmm2C56kRoPlmaUHNHaP9b0
K7VXy4sSOm38RH/w9O3eaqccQJYydodW2QrQvL6IyFR3oglNTq0J92IgS+JlshzE
M6BF42F5D+7AAwMwEVoxsR3jQUbSl7fXzP79LilJzkBskpM1nBXgYXOpjUUBFeKT
CrbV75ZF+V1w9TiFlGuWjngeO+gR3tlM3AbbmWHyE4xtgFvfcnT99+v9h3YZgWgU
/FTdUhjwrOGpGHk2d31sSoVhCRatKFt3wibQLtnMmRXAIZvZ8aRVPYpHPweVmZ45
RSzjlDTctt3u1ErcDdT/wMgiKgBQt+qlFChjXsFwp+HOnN/rLoQ=
=wlPw
-----END PGP SIGNATURE-----