-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2026 12:55:53 +0200
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym
Architecture: arm64
Version: 2.4.67-1~deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: arm64 Build Daemon (arm-ubc-01) <buildd_arm64-arm-ubc-01@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.67-1~deb13u3) trixie-security; urgency=medium
 .
   * Fix CVE-2026-49975 (HTTP/2 Bomb)
     The bomb targets HPACK, HTTP/2's header compression
     scheme: one byte on the wire becomes one full header
     allocation on the server, repeated thousands of times
     per request. The hold is a zero-byte flow-control
     window that keeps the server from ever freeing any of it.
Checksums-Sha1:
 77bad9e4ba3391f0837a01eeeededa34a497074c 3792604 apache2-bin-dbgsym_2.4.67-1~deb13u3_arm64.deb
 230b3169e474c79dfba88039da794a7c06df1c20 1302060 apache2-bin_2.4.67-1~deb13u3_arm64.deb
 98a049b2833f28c46dd9fdb77a79c524471bf67a 323116 apache2-dev_2.4.67-1~deb13u3_arm64.deb
 d6bcdb682a7933e3eaa6c5b442cccfdcaa6d86aa 3140 apache2-ssl-dev_2.4.67-1~deb13u3_arm64.deb
 30358a0cfa394021634542b3ae434d51f51ab89e 12472 apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_arm64.deb
 dbcfeb8da1166edf48b3ae4bb8307acc4f53fab6 151540 apache2-suexec-custom_2.4.67-1~deb13u3_arm64.deb
 cb21aad3ae5038961635e64bbce342db342f9cc7 11276 apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_arm64.deb
 f9dcc1bf963668077bee1f91afbe4812fca650cb 150032 apache2-suexec-pristine_2.4.67-1~deb13u3_arm64.deb
 925421dc3a68f44e467dc6277a39516503b900f8 118492 apache2-utils-dbgsym_2.4.67-1~deb13u3_arm64.deb
 06b304b4ad35d78c49b1d41b6635ebd7cc935327 214968 apache2-utils_2.4.67-1~deb13u3_arm64.deb
 0468996969331410f60744b0da5ebf18bb6bf407 11866 apache2_2.4.67-1~deb13u3_arm64-buildd.buildinfo
 8b7db149c8c2163204f43734effd9de2d713a510 226264 apache2_2.4.67-1~deb13u3_arm64.deb
Checksums-Sha256:
 885c8f8ff822015fcb19233af6c89e6db1f1419fa2b6f2a48c6e5107baaf0ec9 3792604 apache2-bin-dbgsym_2.4.67-1~deb13u3_arm64.deb
 d59d8777efc03503cb338e559280e42b3048a5e37d7ffb785e69dfa89b34944c 1302060 apache2-bin_2.4.67-1~deb13u3_arm64.deb
 3dac9c2b6e8b5ece91fd03a9e7f07d674e01818fb4b946064f9fc39b385d14c7 323116 apache2-dev_2.4.67-1~deb13u3_arm64.deb
 10fbc4081eafa48ba4873be1deafc8828e36cc067152f82efdc25914709c712d 3140 apache2-ssl-dev_2.4.67-1~deb13u3_arm64.deb
 3d906cb0a4aca87b01cd2d5b9f0c10b127e41273c62446ce7fd9aecaccf6d555 12472 apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_arm64.deb
 a0078b31f3796a1b8ddc7e1a7909ee839b074d870f1eba25568d7a1b6c39453a 151540 apache2-suexec-custom_2.4.67-1~deb13u3_arm64.deb
 8e40188bb843919667072e8564d8689898984151b7e20e4762afdba405580367 11276 apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_arm64.deb
 677b3e3f9a6d47019de406fe7aff178f57880756f6b089f569c9f3572aa72356 150032 apache2-suexec-pristine_2.4.67-1~deb13u3_arm64.deb
 e94b25d3a8342b4c22f19f3981c6adabef67416991a33d5f7c27e0072a9ae9f5 118492 apache2-utils-dbgsym_2.4.67-1~deb13u3_arm64.deb
 8f2cb15ef6e950c24010e34d0c67c26646e2c4ad2be03b04b5fe18d026ccf6ea 214968 apache2-utils_2.4.67-1~deb13u3_arm64.deb
 6f54afeb3ad7f04834a9b3e7775b53bb394de2f3db9333d3aa392da85afc2748 11866 apache2_2.4.67-1~deb13u3_arm64-buildd.buildinfo
 bf0314b0dc24fe284830d8ff072308603d1c6002cdfb631ba986a18834af6aeb 226264 apache2_2.4.67-1~deb13u3_arm64.deb
Files:
 cb2a7ea6aa10a47e6fd38db5386b573a 3792604 debug optional apache2-bin-dbgsym_2.4.67-1~deb13u3_arm64.deb
 32c010fc541ecba69f26d8b7ebedabf9 1302060 httpd optional apache2-bin_2.4.67-1~deb13u3_arm64.deb
 6ad9eb7128c22669dafd3b2f3ea6da3f 323116 httpd optional apache2-dev_2.4.67-1~deb13u3_arm64.deb
 c0cf0ed27c88ccad7cd86bb3820533b3 3140 httpd optional apache2-ssl-dev_2.4.67-1~deb13u3_arm64.deb
 4b5a00e7c5e11c2789c29f2f859882b2 12472 debug optional apache2-suexec-custom-dbgsym_2.4.67-1~deb13u3_arm64.deb
 577f3aa1dceb8d41d293e1936482f7dd 151540 httpd optional apache2-suexec-custom_2.4.67-1~deb13u3_arm64.deb
 f039c88ff2230913314c556f60bd0dca 11276 debug optional apache2-suexec-pristine-dbgsym_2.4.67-1~deb13u3_arm64.deb
 807e1186d3719a0f4c98bbecb240b637 150032 httpd optional apache2-suexec-pristine_2.4.67-1~deb13u3_arm64.deb
 3102f26fe43d30c0f6cf20303596e194 118492 debug optional apache2-utils-dbgsym_2.4.67-1~deb13u3_arm64.deb
 e0f96b4452936b2d3f4ca6adc6821d8a 214968 httpd optional apache2-utils_2.4.67-1~deb13u3_arm64.deb
 5b00478bc9b9e8dfa9d18a45053008a3 11866 httpd optional apache2_2.4.67-1~deb13u3_arm64-buildd.buildinfo
 d234235c25821f79a0c78ce5c25e70da 226264 httpd optional apache2_2.4.67-1~deb13u3_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0Ha//LlsGOpbQ/H4xqCFmsOWgoYFAmokISoACgkQxqCFmsOW
gobpbg//bTotlncGcPPR/TI6WOLoYNNHjH2erdSiKLqlIwEh7MqBFV9Up5W5Z56o
IlO3o0kxHoo+bIBy03EC9gFloO7A4sSYCdEwDA8ifFdEPwlmvYCURYKtxSqaOAQE
MHDkviOXQ7ZMsOzFLinmmKoxpnoDjqUpqnhkIN8imC8be2MWe0xeVQMdqeUXyUVs
z9nMGT9ytXIN2M1H2sqxhX3qA8hTjd19Kh82r1gZr9qER/vLHKa7/Q/dE37FoBp1
OD7k9wBkAUvypBmst/LQ+K1cy1m4DQWq90iQW6dPvTUFAPNoly8SXyXEEVBK3fXS
CsYkbpZd0SLO8NIJzjsIsyk9fzYpOQenLYuoz/mc+3o/9l473oTA3asLEem6GKea
SQrk+mq/FO2NjcshqDgw75la/c9Blb73cOuoT9++vbsRF/ZqfWjTiT3co4gOT+IP
XzxWobAUpMOSZklUtR3QZfYkjYN8ga5Qg6timqDUVTyOu/Zi6ZTxuJMiDUvHJ3C1
prSAceXAUZZTTC8qTbFztazk6omzsl6o/+TCOV5fwYUJjlte2LPBh4Zv4h2PbfML
d9ptUb0VnnJbwQI74OmmWHNZFouv5Q4kD+/pqN3eyqoklqrqA/yOLbFhRaPMevMa
XSjqD1IQejpKrY4XQC5sQv27sBfXU0OAdnIik8+lrZqVZpCnTyo=
=z4UX
-----END PGP SIGNATURE-----