-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2026 12:55:53 +0200
Source: apache2
Binary: apache2-data apache2-doc
Architecture: all
Version: 2.4.67-1~deb12u3
Distribution: bookworm-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) <buildd_amd64-x86-conova-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 apache2-data - Apache HTTP Server (common files)
 apache2-doc - Apache HTTP Server (on-site documentation)
Changes:
 apache2 (2.4.67-1~deb12u3) bookworm-security; urgency=medium
 .
   * Fix CVE-2026-49975 (HTTP/2 Bomb)
     The bomb targets HPACK, HTTP/2's header compression
     scheme: one byte on the wire becomes one full header
     allocation on the server, repeated thousands of times
     per request. The hold is a zero-byte flow-control
     window that keeps the server from ever freeing any of it.
Checksums-Sha1:
 519e18de544cb7d62f5972cca418b89165953911 160196 apache2-data_2.4.67-1~deb12u3_all.deb
 3c5ff7bf59444f202bb360129357f3bc5ca2331c 4032040 apache2-doc_2.4.67-1~deb12u3_all.deb
 c0e27ff021abfedbe0c05f6e222cf631109e6999 8299 apache2_2.4.67-1~deb12u3_all-buildd.buildinfo
Checksums-Sha256:
 827273b3f27989fe62a57bb1e08bb3b9567ad577179d7587be19b83f1fc23a36 160196 apache2-data_2.4.67-1~deb12u3_all.deb
 06ad191487e14775ddb578ea30ed147e38ec910fc89abde2133205244b7c328c 4032040 apache2-doc_2.4.67-1~deb12u3_all.deb
 86edb357446ea7065ae7266b88f91ccd2d9cbc3ef7b7ec1f3650081960661893 8299 apache2_2.4.67-1~deb12u3_all-buildd.buildinfo
Files:
 59a63ffbe24c102d8efabf6b2bd5d45c 160196 httpd optional apache2-data_2.4.67-1~deb12u3_all.deb
 f26ce3d88528d3fdaabc02af26a55352 4032040 doc optional apache2-doc_2.4.67-1~deb12u3_all.deb
 794c15ebbdbdb3e877ef6e44a5e2005e 8299 httpd optional apache2_2.4.67-1~deb12u3_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+i/sCsF3puL4e7qIGNGWmfrqILEFAmokE9YACgkQGNGWmfrq
ILHtgA/9EYFkA0QslEA/tDOeU5YBfyWW6Efgi0+NVnvW9pD8gtsUnLQ3ofGg+mqF
YOXbZfj/sV5II3gI6iDZG6Q01QQS47yImAJiwyg4BCKJ8D40LT48Kx5nBYAbgOwx
oEotoW8f/HU5con3HgJD8MzpYkNrynA6biiuzRmDUkaXz9KGv6/ZciZeQJ1TMQHx
vEwvN+18VsetTF9PFPbAgwpmbvB5BndjZ+R+lFDG0ztkQ+vEDpNZGICK3O4+kZ7z
DKrcVRpK2VjDEMLs7aTzsxFVVS6luiVhEYPuTYwOnzP3ciiXrGkQNrzvAiiErUm+
QPc1f8UAdG0aPx77TIEJYqLcdPT0IzMseZnC1JVBVBXfuTtYT/ZRoSJEKqW/+FzP
UubCNLWQPHa0aDrbcIsKd8AzbGOOCzTPDqNdDvX1GLThuB/P/CTwuqlSi3ZNdN0E
DrwAB77PoKWQwY7fl+xWiwkW32YVG/S/hFfVFr2q4gC4TMx7k5C+Wo7iNpWsth7N
Rs3JTDnD6mI+2s6jfCAcWlsd6DSOvwgMWhe4kPuZ4qJLenqZQepmQYGa477CbPVU
omT9tMZftzOQiLzWWbFkCpCqLsgE/S999n+fft51pikq7ykneAElDHDKXmVnQKah
OX6RiHFOhGhSFJR4a45HWzs+RRBQv/Ys8XmYetKXn+hRFKp0G2s=
=5pfy
-----END PGP SIGNATURE-----