-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 05 Jun 2026 12:55:53 +0200 Source: apache2 Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym Architecture: amd64 Version: 2.4.67-1~deb13u3 Distribution: trixie-security Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Bastien Roucariès Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.67-1~deb13u3) trixie-security; urgency=medium . * Fix CVE-2026-49975 (HTTP/2 Bomb) The bomb targets HPACK, HTTP/2's header compression scheme: one byte on the wire becomes one full header allocation on the server, repeated thousands of times per request. The hold is a zero-byte flow-control window that keeps the server from ever freeing any of it. Checksums-Sha1: f2295e4b52e6997e50cfb9e7b4519c4b072dacbc 3803936 apache2-bin-dbgsym_2.4.67-1~deb13u3_amd64.deb 27fb6962e8ee26f8c507e45559d9cf703c2b9d3e 1411480 apache2-bin_2.4.67-1~deb13u3_amd64.deb 7199a1068ca26e156aa44e8864a0e2d76177e80f 323112 apache2-dev_2.4.67-1~deb13u3_amd64.deb 04510c4855af78fd96ee629fd635a885e79d7e5d 3140 apache2-ssl-dev_2.4.67-1~deb13u3_amd64.deb 66a9c2eaa7a045985cbb78b2ce9ccd2bf97c9181 12364 apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_amd64.deb 19ee6fe8eb328e36e1c2ff71b9e9e5e6bfa5ed50 151668 apache2-suexec-custom_2.4.67-1~deb13u3_amd64.deb 141b9e1fc641f367d2b692161ef25c3d49035e3d 11068 apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_amd64.deb e20f6eeb417fd929aa0b4e7e5790f405a02034f6 150116 apache2-suexec-pristine_2.4.67-1~deb13u3_amd64.deb 05c514556ff6db7fe09408f42281ea59d1f247d8 116004 apache2-utils-dbgsym_2.4.67-1~deb13u3_amd64.deb 302723fbb81fdbae251e95c8d792e3a397db2bd7 217764 apache2-utils_2.4.67-1~deb13u3_amd64.deb f72facc285f3b7407c26321b8b294e4e4d3a95ab 11882 apache2_2.4.67-1~deb13u3_amd64-buildd.buildinfo cf65ffab9799c95b05ef1dedfdea1d9cd261fa02 226264 apache2_2.4.67-1~deb13u3_amd64.deb Checksums-Sha256: b79c4fa353872a33254434ae55cfd384950cf1a4c3c46f64d592bb9798590ac8 3803936 apache2-bin-dbgsym_2.4.67-1~deb13u3_amd64.deb 7249d5545c02034bebb58202deb2b3d18fd3c3ec7f17b357a90bb0b3e49e707d 1411480 apache2-bin_2.4.67-1~deb13u3_amd64.deb 1fa7380775448021b737bc6756beed0780f27ac65287d99d62b08fa1fd2d6ed0 323112 apache2-dev_2.4.67-1~deb13u3_amd64.deb cff99ee31cd7e112518471575d40e5c7e53d72ada9ed630e7b4e37142eecac68 3140 apache2-ssl-dev_2.4.67-1~deb13u3_amd64.deb 12cf89378820fee84e7b82563d24e28475567cfa0325ce06bd99eae59203f8ca 12364 apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_amd64.deb feb1b2e9fd5571cb75016d16da42d7bf79f7a2e37200d9239ce30778925fc170 151668 apache2-suexec-custom_2.4.67-1~deb13u3_amd64.deb 84d82b102a2a208aff77a80a4896e3e308c5dbdfbb014b180ab2f5748e107a6c 11068 apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_amd64.deb 0664d17046dde0611eb573b537e8bcee741fd1023f9f3e1716072a74cbc0804c 150116 apache2-suexec-pristine_2.4.67-1~deb13u3_amd64.deb afdd1d7fa3b8880bee9f2f91f2fecdb90a30f061ada331a6c21be6f01e8c4041 116004 apache2-utils-dbgsym_2.4.67-1~deb13u3_amd64.deb b7b0e2a85bbe0632571c0466a8b10d032596dd79504bee84989406483b5db259 217764 apache2-utils_2.4.67-1~deb13u3_amd64.deb a10a778a80a727b1b0b8b80857cc14bb7b6dde970d3e6a41120aa93c51ad80f5 11882 apache2_2.4.67-1~deb13u3_amd64-buildd.buildinfo ba7882e4665cfb99dc2db1830337fddeac93062e36d41e3fec30864f3ec629d3 226264 apache2_2.4.67-1~deb13u3_amd64.deb Files: 54a4a15c06c28eda6be4ee6e53119eed 3803936 debug optional apache2-bin-dbgsym_2.4.67-1~deb13u3_amd64.deb 90fe276b722f9a93070dff36d0720654 1411480 httpd optional apache2-bin_2.4.67-1~deb13u3_amd64.deb 374a626abd0e6e96d7ab7905ee06afb7 323112 httpd optional apache2-dev_2.4.67-1~deb13u3_amd64.deb 660f663aaa1097bfc5d90ce26ea66e8d 3140 httpd optional apache2-ssl-dev_2.4.67-1~deb13u3_amd64.deb ac4c9f969e3e7b5783a2ce585e7d0e3b 12364 debug optional apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_amd64.deb e0514cb5fd0efd8616e81c5a816d7465 151668 httpd optional apache2-suexec-custom_2.4.67-1~deb13u3_amd64.deb d3e3f1010924a06c36abd894fbcd2a66 11068 debug optional apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_amd64.deb 27f6c1ff12c0cc030c8411b8d0ec919f 150116 httpd optional apache2-suexec-pristine_2.4.67-1~deb13u3_amd64.deb 28bf9cf2ef5c0d727ae8181bb19f3c0b 116004 debug optional apache2-utils-dbgsym_2.4.67-1~deb13u3_amd64.deb 41793c9459edb9547c7f159deb31f10e 217764 httpd optional apache2-utils_2.4.67-1~deb13u3_amd64.deb e618f59ebc5f6ca15ae0567ac54f1102 11882 httpd optional apache2_2.4.67-1~deb13u3_amd64-buildd.buildinfo 2dbb58b2d40996c6ce8acfd169163ae8 226264 httpd optional apache2_2.4.67-1~deb13u3_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBDWXQb2umOtH4DRpYg9P9sm2dfEFAmokIQUACgkQYg9P9sm2 dfG1ixAAgqy6s1uQjblx4PSyxFE+6Ei/4Lllux0MC/EIO9E1R0eMrV+STM6ThH7O VfycJLFxuW5UFWDjVrqcyrN9NRnUJJPqNLT/SQVhzDCao5tHOmowZU1H9pXhJsU/ pnA6bwWHisBapbWFCvUp39EmMNr/XDo2Y/pxmx1GpbEZWrWkq1gUkT1nomdxEyo5 pqWhdxg686Qf+rnuNeQlO5TLZ4cQ/HKDtz81vzjpFhypaNJxL9oe6rDuWtVRujNh Xz2jhfVS1qCEFnvdNlIrNU58gY6MzjXFudkISEMJ3DO9dqR7agGXqhm8aFU67pJW a0zzYLQQhdN0tC0/J7ERhu9KZsyfu6J3008TRd/REVhfkBgIaB5hdgOH/773NVAV pUzdALrqoqVFmVDrslorLicU82u+UOkKXs296su4zgOVTvbaF20XbsEJBTiX55er tTbbeYlDqTL5tjxRmouGGX/+6u2xM5B0WNAZNTRwvlmsi1iMIEKsSOABo7jx2Scw CTLNV7pw5lf+no26mWZGBJRqhUi/YcwPkdXCw3TaHAO91jSTvdzKY9hlAl3pAWK4 vsvUCHFGnDJ8FxXUCAefsz96cnPWqmSDCgzbeQ2zr1qo5hAK4J6F9QzKdq0V5XQ2 6rM6MyiYQcsaSTDvFMXsXMCO8a7pUrB1Th877GUO6OWFIvQX3Qk= =sJvM -----END PGP SIGNATURE-----