From 85b18e28a4fc0a54746582e5298db003920d0abf Mon Sep 17 00:00:00 2001 From: Peng Zhang Date: Sat, 13 Jul 2024 03:01:01 +0000 Subject: [PATCH] Debian: apache2: fix multiple CVEs Upgrade apache2 to 2.4.61-1~deb11u1 Upgrade apache2-bin to 2.4.61-1~deb11u1 Upgrade apache2-data to 2.4.61-1~deb11u1 Upgrade apache2-utils to 2.4.61-1~deb11u1 Refer to: https://nvd.nist.gov/vuln/detail/CVE-2024-36387 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 https://security-tracker.debian.org/tracker/DSA-5729-1 https://www.tenable.com/plugins/nessus/202232 TestPlan: PASS: downloader; build-pkgs PASS: build-image Closes-Bug: 2072904 Change-Id: I93c4381bfd3b3d7ea9d801258bd52ebfd222aedf Signed-off-by: Peng Zhang --- .../config/debian/common/base-bullseye.lst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst index 5f8012e9f..ff7f087f9 100644 --- a/debian-mirror-tools/config/debian/common/base-bullseye.lst +++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst @@ -4,10 +4,10 @@ acpi-support-base 0.143-5 adduser 3.118 alembic 1.4.3-1 ansible 2.10.7+merged+base+2.10.8+dfsg-1 -apache2 2.4.59-1~deb11u1 https://snapshot.debian.org/archive/debian-security/20240416T183047Z/pool/updates/main/a/apache2/apache2_2.4.59-1~deb11u1_amd64.deb -apache2-bin 2.4.59-1~deb11u1 https://snapshot.debian.org/archive/debian-security/20240416T183047Z/pool/updates/main/a/apache2/apache2-bin_2.4.59-1~deb11u1_amd64.deb -apache2-data 2.4.59-1~deb11u1 https://snapshot.debian.org/archive/debian-security/20240416T183047Z/pool/updates/main/a/apache2/apache2-data_2.4.59-1~deb11u1_all.deb -apache2-utils 2.4.59-1~deb11u1 https://snapshot.debian.org/archive/debian-security/20240416T183047Z/pool/updates/main/a/apache2/apache2-utils_2.4.59-1~deb11u1_amd64.deb +apache2 2.4.61-1~deb11u1 https://snapshot.debian.org/archive/debian-security/20240711T193635Z/pool/updates/main/a/apache2/apache2_2.4.61-1~deb11u1_amd64.deb +apache2-bin 2.4.61-1~deb11u1 https://snapshot.debian.org/archive/debian-security/20240711T193635Z/pool/updates/main/a/apache2/apache2-bin_2.4.61-1~deb11u1_amd64.deb +apache2-data 2.4.61-1~deb11u1 https://snapshot.debian.org/archive/debian-security/20240711T193635Z/pool/updates/main/a/apache2/apache2-data_2.4.61-1~deb11u1_all.deb +apache2-utils 2.4.61-1~deb11u1 https://snapshot.debian.org/archive/debian-security/20240711T193635Z/pool/updates/main/a/apache2/apache2-utils_2.4.61-1~deb11u1_amd64.deb apparmor 2.13.6-10 apparmor-utils 2.13.6-10 apt 2.2.4