-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2026 12:55:53 +0200
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: i386
Version: 2.4.67-1~deb12u3
Distribution: bookworm-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) <buildd_amd64-x86-ubc-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.67-1~deb12u3) bookworm-security; urgency=medium
 .
   * Fix CVE-2026-49975 (HTTP/2 Bomb)
     The bomb targets HPACK, HTTP/2's header compression
     scheme: one byte on the wire becomes one full header
     allocation on the server, repeated thousands of times
     per request. The hold is a zero-byte flow-control
     window that keeps the server from ever freeing any of it.
Checksums-Sha1:
 3e1caa6f4fb297d156d4bbdfcba4c31ca2e585a9 3266844 apache2-bin-dbgsym_2.4.67-1~deb12u3_i386.deb
 4f9ac9fa9a4f65ca4e6fe3c2f56ca15aeb858bd3 1469060 apache2-bin_2.4.67-1~deb12u3_i386.deb
 252c6f9379dbaa86c0daf215a314136e77527995 323092 apache2-dev_2.4.67-1~deb12u3_i386.deb
 48a3230202e102733a07e5ccdba3689e2999d3c4 3136 apache2-ssl-dev_2.4.67-1~deb12u3_i386.deb
 07c7797abf28ae2b03999a80525c9d2dcbace3d7 11272 apache2-suexec-custom-dbgsym_2.4.67-1~deb12u3_i386.deb
 2e58375c0bd36eb5c527734fe3f2a130765c0750 150508 apache2-suexec-custom_2.4.67-1~deb12u3_i386.deb
 5f994dd7aed81a13f24654bd3180cdc76c681791 10108 apache2-suexec-pristine-dbgsym_2.4.67-1~deb12u3_i386.deb
 5b88be8411cfb46a1f6825fc28179db559ec8952 148964 apache2-suexec-pristine_2.4.67-1~deb12u3_i386.deb
 d778e638f16ad61218b6d3660a741d94380a61ed 107932 apache2-utils-dbgsym_2.4.67-1~deb12u3_i386.deb
 9b7830271a0b6f58062e3fcd947423c520d6c4b5 221420 apache2-utils_2.4.67-1~deb12u3_i386.deb
 fa72aca8487f45dc98648e42b6db8698f564a595 11776 apache2_2.4.67-1~deb12u3_i386-buildd.buildinfo
 a7ecfa5a6e37a578d50ea6d6bfde86e9590485b9 231036 apache2_2.4.67-1~deb12u3_i386.deb
 4c8a0129b321a1a89233cc189aacf36fdabfa5bd 956 libapache2-mod-md_2.4.67-1~deb12u3_i386.deb
 c7f9d404be3a8e888807f2936fb211f96aa56046 1132 libapache2-mod-proxy-uwsgi_2.4.67-1~deb12u3_i386.deb
Checksums-Sha256:
 975b2aa219e8d8a69de5811cfc8a87efb519ef6b915e3c2fad260ebe760008c7 3266844 apache2-bin-dbgsym_2.4.67-1~deb12u3_i386.deb
 1fd8d564796597bc94fae81741c40b26028f2ab6f22386972d54d8d1fd3872b2 1469060 apache2-bin_2.4.67-1~deb12u3_i386.deb
 00eb498c122cce12b6c9f25a70e600d47e07fc247aed1ff99a95d288d75e6438 323092 apache2-dev_2.4.67-1~deb12u3_i386.deb
 ddecd18e906282e7c2fdf2d8c81d883163a9515e408d8738bfc407002c2173f5 3136 apache2-ssl-dev_2.4.67-1~deb12u3_i386.deb
 bef998e45ab44d98aae53e5a359ae564bbe61f0a80bf4c7ef7a2adb061d12c9a 11272 apache2-suexec-custom-dbgsym_2.4.67-1~deb12u3_i386.deb
 9e171116e50b85918d1369bb73d0a1acbf3aea5062b2ef7eaf37e565b280e212 150508 apache2-suexec-custom_2.4.67-1~deb12u3_i386.deb
 3dd6401ebb22f08b6ffd51d1e0b9f36eed79e3828f231f69bc29e952b29563a9 10108 apache2-suexec-pristine-dbgsym_2.4.67-1~deb12u3_i386.deb
 d9f6c11bb7df551f082414e298c4a12c1b5682c40f9ffa475b4f5d3f96493d68 148964 apache2-suexec-pristine_2.4.67-1~deb12u3_i386.deb
 f8039b0f571275d83fc31357f27a456f70e5ef7577bd7db210395ff31409903d 107932 apache2-utils-dbgsym_2.4.67-1~deb12u3_i386.deb
 e4e6812b6e376e3dd4b957dd3badeb703e2a950fdcedc25273e688d9a53565ae 221420 apache2-utils_2.4.67-1~deb12u3_i386.deb
 aed480f9eb1e894dcfc7baf75ee2ece4d30520b348a360436c01fcf9f46b036a 11776 apache2_2.4.67-1~deb12u3_i386-buildd.buildinfo
 f13dd4594416f2981facf9f46a5662230dbb310bb7bb86606982937ea090ae3b 231036 apache2_2.4.67-1~deb12u3_i386.deb
 02ac45d35443248987b77e29b93d3842c67b48a89382ba6d16ff868288411b97 956 libapache2-mod-md_2.4.67-1~deb12u3_i386.deb
 ce29d4b75802b96ece502a99bc21f75831a7d19771da38501f13fc8c192e8a25 1132 libapache2-mod-proxy-uwsgi_2.4.67-1~deb12u3_i386.deb
Files:
 d0af2c612901beddf26e65727770f98e 3266844 debug optional apache2-bin-dbgsym_2.4.67-1~deb12u3_i386.deb
 361badd785e662f8ddce6e735d4c0aa8 1469060 httpd optional apache2-bin_2.4.67-1~deb12u3_i386.deb
 7dfd415d5e24c2f71d446792fe844f64 323092 httpd optional apache2-dev_2.4.67-1~deb12u3_i386.deb
 929449cdf8bf6bced2904cfb6a1f40b0 3136 httpd optional apache2-ssl-dev_2.4.67-1~deb12u3_i386.deb
 830171f513246ba8c2d4b7928de9b5a2 11272 debug optional apache2-suexec-custom-dbgsym_2.4.67-1~deb12u3_i386.deb
 f619daa35681bdb346b675d67d681468 150508 httpd optional apache2-suexec-custom_2.4.67-1~deb12u3_i386.deb
 7ff7fd2799332dc24fac574aa6a6a616 10108 debug optional apache2-suexec-pristine-dbgsym_2.4.67-1~deb12u3_i386.deb
 66261615a19ea525d1ec69a5574a936f 148964 httpd optional apache2-suexec-pristine_2.4.67-1~deb12u3_i386.deb
 19c5e1bf4580844419459a03d966145d 107932 debug optional apache2-utils-dbgsym_2.4.67-1~deb12u3_i386.deb
 be74e8a7867ba3b86cc376913e862352 221420 httpd optional apache2-utils_2.4.67-1~deb12u3_i386.deb
 18a1fea7cd2a8e62d041a68fd4f30dd1 11776 httpd optional apache2_2.4.67-1~deb12u3_i386-buildd.buildinfo
 f02a148f9a9f920d03c484df8a21cef8 231036 httpd optional apache2_2.4.67-1~deb12u3_i386.deb
 b08d1de28832306f6a18558201682b6d 956 oldlibs optional libapache2-mod-md_2.4.67-1~deb12u3_i386.deb
 e06c3b1c88defdefb7a702d11c0dbde5 1132 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.67-1~deb12u3_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEb5EwsJvHBEjqIJYIbheoBegwXLIFAmokEw0ACgkQbheoBegw
XLIkBRAAjNd2AyOjXbwS7hfHNsJEEatjMnBASnWmMMJzV0Ph+6zmUpJU7r7s4EpI
UESHP7+Gadem8ZNrqmeVH6eJaIpNcwKQaz+ktpx0zd49KMWNAAT/GFyYTlSARcqb
/12/Y9fyn/Qq7Dz+JxWELWkC3LCEZz2T9yneygdjcx5joFRo8hXfBh3aw4OHw+zC
Wh27Hn3yCh2Fj9NR13a1jVDoAHQGR3ilRIrRBjOCi6D7HXB7h6kYP4OIssdZCTTJ
9cY6+QBbYejZG92J5nLaofvZ7HhYwtXm/0mnGMhaAUAVYcPqAeMUacy7VgNUAGDm
uV0pY8MMhNJEg5GffSM2S42NUY7s8txjUbB42ODZ1mQZkcvu/BA8yTpnAS8Q2XVn
pz1qjQ6CyJplq5yvm/525qmUPC35rAqQyGRQBobpwk+NzVsLSXFf6fbZKnWKb50I
d/DG7n4or37a2jX5xe51u4hzo3C/eqTRjxUqX4vSnaVOWMIQWm3AYJ6T/jEWpV3M
7XiNRAYfChi/fbkCxMkXIJMnnCjZRZrmy0meMWi+V9U69d0ZGtgxTp/B7zURvwsn
u4Umd41X95zwnJAirETYDRbLKdMdiRr+Fivp0QObLXJVrXv3TiFzwRn3UMSGAv/C
s83zGi1hKwBij2yDmzg5VN819yjN66nLMEVH98qDfKuC591KGeo=
=Q7Eq
-----END PGP SIGNATURE-----