-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2026 12:55:53 +0200
Source: apache2
Binary: apache2-data apache2-doc
Architecture: all
Version: 2.4.67-1~deb13u3
Distribution: trixie-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) <buildd_amd64-x86-conova-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 apache2-data - Apache HTTP Server (common files)
 apache2-doc - Apache HTTP Server (on-site documentation)
Changes:
 apache2 (2.4.67-1~deb13u3) trixie-security; urgency=medium
 .
   * Fix CVE-2026-49975 (HTTP/2 Bomb)
     The bomb targets HPACK, HTTP/2's header compression
     scheme: one byte on the wire becomes one full header
     allocation on the server, repeated thousands of times
     per request. The hold is a zero-byte flow-control
     window that keeps the server from ever freeing any of it.
Checksums-Sha1:
 a8baed96d137dc9d70854ca6df60c8bdae29d383 160144 apache2-data_2.4.67-1~deb13u3_all.deb
 4a766270e8cd7b8d738f8363ac6fdec88b6aa53b 4034172 apache2-doc_2.4.67-1~deb13u3_all.deb
 94e2e86fec4dbcda144aa6b49c48596c6145887e 8949 apache2_2.4.67-1~deb13u3_all-buildd.buildinfo
Checksums-Sha256:
 a6190d3837c9761e4ccd11e6bec298ad14ba4a2c15a96c5a26f5b55addc05ec3 160144 apache2-data_2.4.67-1~deb13u3_all.deb
 5f80b89ae03cc01bc263fabb8a15240da602fe65e266e08350821448d442e83f 4034172 apache2-doc_2.4.67-1~deb13u3_all.deb
 e0b7ad32ff1e266764d15a13db07367f5ff8773f763c492aca76387d294a8f7c 8949 apache2_2.4.67-1~deb13u3_all-buildd.buildinfo
Files:
 cf6f8e6ee6543b82ae21c9ea33c43832 160144 httpd optional apache2-data_2.4.67-1~deb13u3_all.deb
 017dfbbb5f2690da5c5fc7858396d18b 4034172 doc optional apache2-doc_2.4.67-1~deb13u3_all.deb
 faca738cd447c65be5d3bfd8fb2e0546 8949 httpd optional apache2_2.4.67-1~deb13u3_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+i/sCsF3puL4e7qIGNGWmfrqILEFAmokIVUACgkQGNGWmfrq
ILHs9A/9ENrEsaLz6uF6cpdXQRhsp6SObSWuqkuW/pC3aACWoZ2njp4IANtll+RO
8H+Z/gl62qqsxtmx16Od5Ly/BudEX79SGJJ04waa23o2vly3FzOkGN6pSXCZjlE3
CyDAkJBmmJIF4Nxsa44uaIXuA4hBlNNSCK5qKNK/EV7XO6pKAE4reo2kuGBktsTI
1TannFhjEGX6/xLN4og9cZ+QHLQWBOzD0kdh6S/wHuNnU7rdP43qYbhi8dmuB5vB
jV8sZbM+TXGpxaIUfsxPEEiR8Id703KPsu3ZmTghvgatpy+zw1VXvVzWMfSty8bg
DSyF3FxzjUWzemcAIN3RKcq9AleWNtKY16Hm8M9Wv2OVlzp3XOeQjFpdMESrM2Y/
QGVwgP/od4u7vIK2V4h6FLEebG8j6y4M4sYLC8RcNCQv97hWltnyh7J0YDANtxzk
RmNREYFOpn7QEgks+4YJHKas+iaYoJIB39YwRalUqDItEXb3YGr6NuBiztHQo6IM
9qo3dnViRY2hEBQM6/JJgaudszzbX9uiptfU/n5OHsWz2FcfLXFQ4YEq+v8OwSuw
0okrtD7CifQb125BKNO4lwJ2RhHLtMTbzKwoZ4pzY7/CljwrxYaKkriwpwJD6EOw
Scu+9aR1ehEfQnAYFGBPjqt7r1rK0bikPMxRpCiNO2eLbuttxS0=
=0Jsh
-----END PGP SIGNATURE-----