-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 05 Jun 2026 12:55:53 +0200 Source: apache2 Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym Architecture: ppc64el Version: 2.4.67-1~deb13u3 Distribution: trixie-security Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Bastien Roucariès Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.67-1~deb13u3) trixie-security; urgency=medium . * Fix CVE-2026-49975 (HTTP/2 Bomb) The bomb targets HPACK, HTTP/2's header compression scheme: one byte on the wire becomes one full header allocation on the server, repeated thousands of times per request. The hold is a zero-byte flow-control window that keeps the server from ever freeing any of it. Checksums-Sha1: 488dca782c244c64386ae6a16bee1cf4c44376b7 3556276 apache2-bin-dbgsym_2.4.67-1~deb13u3_ppc64el.deb 1f2718236c6a813e97d5d05bd9735dfc8591e46a 1470552 apache2-bin_2.4.67-1~deb13u3_ppc64el.deb d0a1f16837a3055d160aea023280a69f9972895c 323092 apache2-dev_2.4.67-1~deb13u3_ppc64el.deb fb60ce73a541699c49b1aeef91f23bde3921dcc5 3144 apache2-ssl-dev_2.4.67-1~deb13u3_ppc64el.deb dd5a3e914679116e38eb7dcb07d449dba4d9a47e 12772 apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_ppc64el.deb 28da05f1092d26a8143a0fb11bc3d8b1dcdcd1ff 151732 apache2-suexec-custom_2.4.67-1~deb13u3_ppc64el.deb 4f6b482fc04fe8aa1c01f9e20987b28ec66578e4 11408 apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_ppc64el.deb 46606a7879a5db91e2f95c91237ff14f8dfd5902 150056 apache2-suexec-pristine_2.4.67-1~deb13u3_ppc64el.deb c9758fa69196267df60f0228845964c0598fd505 120468 apache2-utils-dbgsym_2.4.67-1~deb13u3_ppc64el.deb 76d6bcfa4566965054444e0aac8b2ddb647db049 220936 apache2-utils_2.4.67-1~deb13u3_ppc64el.deb c701ca53ea3fab9b63e8036f186de2e25c6d2c89 11935 apache2_2.4.67-1~deb13u3_ppc64el-buildd.buildinfo 0259d7f4c469058e84e24cee89eeac3d38c9f9fe 226272 apache2_2.4.67-1~deb13u3_ppc64el.deb Checksums-Sha256: 39e2773f2089bfcb83a4ae5b4a1a7df32979c1968c24af04883ffcb3d25885f6 3556276 apache2-bin-dbgsym_2.4.67-1~deb13u3_ppc64el.deb 5285395036cd9afc90d529cb0e1b6d0cb7186fb3a542ca0535cb16497349f5de 1470552 apache2-bin_2.4.67-1~deb13u3_ppc64el.deb ccb2e9b1ecf68a5a5c35f692b729dc17a52762c346ad13e89a7f8ac6453ede4f 323092 apache2-dev_2.4.67-1~deb13u3_ppc64el.deb 5c728e48d9a410f679d59c7c4e5d7d899f32b7decaef03cd74bc4c036e38192a 3144 apache2-ssl-dev_2.4.67-1~deb13u3_ppc64el.deb 6d5c60def8f081a5be71267a8930460b3b7519ebad64ad8133454fead4370469 12772 apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_ppc64el.deb 0430b0ef9824e575c850705382a3407965fea629f8432d0dd9f71c0d3f70c961 151732 apache2-suexec-custom_2.4.67-1~deb13u3_ppc64el.deb 1f10ac027d56c2e5c19e52b30097acfc4513dca598ca648ab5b1e11de4a13110 11408 apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_ppc64el.deb ded9b788f9fd16432b26e745b2d1c13906079b44a3758bbbd53b4a27635b7f3a 150056 apache2-suexec-pristine_2.4.67-1~deb13u3_ppc64el.deb a3cabb730142759c2222cbbe32d917cc9922af0b4449e8b713210e1fb589d193 120468 apache2-utils-dbgsym_2.4.67-1~deb13u3_ppc64el.deb e63820e5ae93e44799a2d311ba34d96c634081e42a60dded8c0fdc14edfe7c71 220936 apache2-utils_2.4.67-1~deb13u3_ppc64el.deb 0146448a90d2a0fd9873f45667535fec7c6b6927ac350ac20f1a2621546aee25 11935 apache2_2.4.67-1~deb13u3_ppc64el-buildd.buildinfo 78075bfdd209674e42765f5aad0da02c6723f3b113e24990d024801db6647b7f 226272 apache2_2.4.67-1~deb13u3_ppc64el.deb Files: 96c1131846f4df308f0e99ae0bd87b13 3556276 debug optional apache2-bin-dbgsym_2.4.67-1~deb13u3_ppc64el.deb d8ba603eadba360e949b9683a8694a3e 1470552 httpd optional apache2-bin_2.4.67-1~deb13u3_ppc64el.deb 0994c7699c0aea2138690d975b9f6e0b 323092 httpd optional apache2-dev_2.4.67-1~deb13u3_ppc64el.deb bee743c1dbe9013d22f60412663ffe93 3144 httpd optional apache2-ssl-dev_2.4.67-1~deb13u3_ppc64el.deb 97ba0874e235769f46b2e65837888938 12772 debug optional apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_ppc64el.deb e1eb8432f115ad52d36c3d4ce1e49417 151732 httpd optional apache2-suexec-custom_2.4.67-1~deb13u3_ppc64el.deb 0f499e5a544320442d26e5902e772934 11408 debug optional apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_ppc64el.deb 5fac4b13f5e75aae797923c0cfc3d0c7 150056 httpd optional apache2-suexec-pristine_2.4.67-1~deb13u3_ppc64el.deb 75c896fb57d1915172bf6c8bd9c177d6 120468 debug optional apache2-utils-dbgsym_2.4.67-1~deb13u3_ppc64el.deb 4a9b3d6b86e992a03cf532c052880279 220936 httpd optional apache2-utils_2.4.67-1~deb13u3_ppc64el.deb 7e6620769fb23604d911e8f8947839ec 11935 httpd optional apache2_2.4.67-1~deb13u3_ppc64el-buildd.buildinfo 5552dfa6b384c64d95a86f7fde2c8ebe 226272 httpd optional apache2_2.4.67-1~deb13u3_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETLpi2USYGUNSlYhoNINNphgym2QFAmokIR0ACgkQNINNphgy m2R6rw//UKucZFUPWJobs0O62+B4clplyhPgRPDvysrCVc69lYKV2CWmiFAkTDVM wuOhT0roShVKbqRxkgN3DEpBFt4uGbpLysc1Y//1XIIPIkb+7qrHgtBlRKABBvaL 3bJ/WyM+2OrS0NV+Uu4sR1FpWRSUeLpFiPvn+ZVfAS/a7fc/sOdrkBRuQTtaK/SF Dg6w7MbfO6ZkBNuGrb+k2MvautsTL/EILvqBb0B0wvZ/UkxYbJqraUggYkk/ie1F ITjnFQBUbmvzO55ofknUammjaQrQ+yM80PfZfIuKvXYcM855vzvry+oWfQilNnNY cr/q4dhTMHJgHwgdSyscdJC4VbSRn9Uz4lulC3KYqC+9bM5o3hvqJBaKRYJE3nzh IJy1sUfMoHLaEVRNaUMB8vPyw2RESuYfIClTroca1NsYx4polQJanyaIN15oDb/S iqHHl3P+bR29lVVuAFDqTKj5MvTemgwEXXjNf+wvwiB9Zd1vrVF5B25+9L8+jDD/ 4bBONlZwZUcgVF5MnArt2noJos66eTHgl34jrn15DF7ZUHCkfQ4nBkZ5ViBQ31bb wmTb6a8j5AibminBYexvKzMCmLbq0YXHGDaC6ddZZFBr3eugfJDjvzCEPmBnK3Yj I3Z6chFHMu7GOxe+EFh+l3Y1SOB1iAqdEyjXgoBz37e3jHhXAdw= =9jWb -----END PGP SIGNATURE-----