-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 05 Jun 2026 12:55:53 +0200 Source: apache2 Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym Architecture: riscv64 Version: 2.4.67-1~deb13u3 Distribution: trixie-security Urgency: medium Maintainer: riscv64 Build Daemon (rv-osuosl-03) Changed-By: Bastien Roucariès Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.67-1~deb13u3) trixie-security; urgency=medium . * Fix CVE-2026-49975 (HTTP/2 Bomb) The bomb targets HPACK, HTTP/2's header compression scheme: one byte on the wire becomes one full header allocation on the server, repeated thousands of times per request. The hold is a zero-byte flow-control window that keeps the server from ever freeing any of it. Checksums-Sha1: e04fc1268a7c386bef62d69bde956cb7c99bfc2f 3706316 apache2-bin-dbgsym_2.4.67-1~deb13u3_riscv64.deb 5d38fe597d5999b8456f570753c45617affce575 1367152 apache2-bin_2.4.67-1~deb13u3_riscv64.deb ca368fbbb75353b3938ca55e7f2c0df0f6235066 323096 apache2-dev_2.4.67-1~deb13u3_riscv64.deb 0c59a069d393f55cbf901837761d893abb91716d 3144 apache2-ssl-dev_2.4.67-1~deb13u3_riscv64.deb 666ea699ab04890c18591910bc86a7bf5803ed24 12252 apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_riscv64.deb 9317b4581762086181372833edcc6c23fefbbcc6 151068 apache2-suexec-custom_2.4.67-1~deb13u3_riscv64.deb 5b5247ae66ae3d9a0276335dec8681028e94110d 11084 apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_riscv64.deb 4cb3d2fd8afcd1f192a256dcadc163b749e040d4 149584 apache2-suexec-pristine_2.4.67-1~deb13u3_riscv64.deb fbc05896904cc59cd642e119bb80ffa8b39dd2e3 115664 apache2-utils-dbgsym_2.4.67-1~deb13u3_riscv64.deb 254a0df1c7decab608626005a837a15c9dfc1128 216416 apache2-utils_2.4.67-1~deb13u3_riscv64.deb 3043aa2f382b7074e1512a4fbe0e22648d7f9db5 11880 apache2_2.4.67-1~deb13u3_riscv64-buildd.buildinfo 339ce067b9296d751ff8b643cf17739d8af89b91 226272 apache2_2.4.67-1~deb13u3_riscv64.deb Checksums-Sha256: bf9c6b36968b925e067028f6cdbc95581b2ba1c1ab5f0df3a94164fcd4900c68 3706316 apache2-bin-dbgsym_2.4.67-1~deb13u3_riscv64.deb 26e951465505cfafbd3b1bad81c906f735fd7b06a1bed05fc0c94c27cb29a8a9 1367152 apache2-bin_2.4.67-1~deb13u3_riscv64.deb bdde5832170e9c46cbf8ae946bb3b3841f8d3fff8c5dc1bdfd01889fc8eb975b 323096 apache2-dev_2.4.67-1~deb13u3_riscv64.deb a1984dd6f62e84b89ac0e21ed8d84be4c1a733e29fe29a3d7d6a57d7caeec6d5 3144 apache2-ssl-dev_2.4.67-1~deb13u3_riscv64.deb ce127be953e502f058d7e724bd669d1917641fe5d3f1e3551a23b1a2599b2b1b 12252 apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_riscv64.deb 79736cdf33da399f0ca728cd66ffd376f50b56f36b5c9c4c45bb15c8cc0b6899 151068 apache2-suexec-custom_2.4.67-1~deb13u3_riscv64.deb 15d4248c11318988333940c62041a00b19f7b95f468ffc9325268269d5f30a47 11084 apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_riscv64.deb 7751fac623b1609e87c3f1f430d15322eb86185f2628cf93fa085f43626511d9 149584 apache2-suexec-pristine_2.4.67-1~deb13u3_riscv64.deb ac3f255e1c959732f9012fddb03d4eb65fd6fc26e8ff6386afedefd9e5ff155d 115664 apache2-utils-dbgsym_2.4.67-1~deb13u3_riscv64.deb 9184266478ebd56e83aa32ca5bbefc8f7b6d7c5b746557b634a0ceb6fd3c04dd 216416 apache2-utils_2.4.67-1~deb13u3_riscv64.deb 2f4d2e2c4d47c4e9a891438e21d4f75df5f226b9f93d42b986ad6e92c01dd1a7 11880 apache2_2.4.67-1~deb13u3_riscv64-buildd.buildinfo c6c85647351b5de7e525e982af0ef56d1314a1402b6dbb26105069bb252d4dde 226272 apache2_2.4.67-1~deb13u3_riscv64.deb Files: 1a6b485227bde44c1ba5798ca073a651 3706316 debug optional apache2-bin-dbgsym_2.4.67-1~deb13u3_riscv64.deb 766820d6bf043a096c683ce9d901e804 1367152 httpd optional apache2-bin_2.4.67-1~deb13u3_riscv64.deb 51d1cafdd598c0e6513cf18af98dff2d 323096 httpd optional apache2-dev_2.4.67-1~deb13u3_riscv64.deb 5bb9a98eb75a48d86c5a84d1716293aa 3144 httpd optional apache2-ssl-dev_2.4.67-1~deb13u3_riscv64.deb d6bcb1899e8ec601fe136ae8af86cb5f 12252 debug optional apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_riscv64.deb e4452f33e10f4781dcef7a79ea279f45 151068 httpd optional apache2-suexec-custom_2.4.67-1~deb13u3_riscv64.deb 93213c89d1fcfcb65c02f190e7cf99e9 11084 debug optional apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_riscv64.deb 9596180f08e1bdc5b073a663df9bae6a 149584 httpd optional apache2-suexec-pristine_2.4.67-1~deb13u3_riscv64.deb 5bf664a46460ae999e7a2b3d7d905cab 115664 debug optional apache2-utils-dbgsym_2.4.67-1~deb13u3_riscv64.deb 6d702f6b9870be27253b6789f077474c 216416 httpd optional apache2-utils_2.4.67-1~deb13u3_riscv64.deb 9780dffeb72310e3efd7204be918f0df 11880 httpd optional apache2_2.4.67-1~deb13u3_riscv64-buildd.buildinfo efe178427d69b8c730e7f957f368ddab 226272 httpd optional apache2_2.4.67-1~deb13u3_riscv64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEExv8RwtKAmv8J56r/6ETk30hvxtkFAmokJ2IACgkQ6ETk30hv xtkaixAAyaoTejiCOg5HEnwaap7Xh2WjDlTb97ztPf4j0U/T2mHqwTQ+ilqxPq6g 3V82lCDxW9RUVAMAQwukvJ/On5kfG+8SgNqoHBQ/m5lV/F3i8xkqigjMoOyKkFRw /0A45bKkSCiyD+29WHLMsqTomA4QY14H3208jtv4Ftlay/SmvdyhBLqFYJxweWli BM/q+W5C0wGkO4g7yIWBWeAymPyt1QUW744w4I7Qz1VMV/XivEZi8Ga3YYxJEgOf YKX7T750uU/gul4mb3MwEmuXf9qprkDyVsAUKt6hwXDjCKYmwGf5K1lG38BgshN6 MnK9GEQ6o7Np56Y/e4WtlRRvqpI5EolxzMtFMLTP1Eu4cHbf8N/AgnczDc2WU54b MjBt2wafWoIAp0MPPmhguiuZAjoRcoeHm2zoBFE5F50c3sK/pncTeGSCrXjCjurK ucE5bymk0DVfSRPV9vz2HukVRY2jHbabUn01G5fsdnC8ujpZV1C1Q/4HzD8sduTl JYJ9RKeLpKxtZmoOX+GJZDEtzDvyvl3cYPSriqcdJQkAgOOHaaF5U4t/Nhj+29ij oVTxid74T4UWh3V35k9xV4R/i61nEH/OSvlthM9cJ5s6qJn5I2rekD5sgC+EgHLA fbCySKE59sXkDrux52csfQaMbZhv0H8fy8FzFKakEbSb9u6M/mE= =4rq4 -----END PGP SIGNATURE-----