Date:      Thu, 04 Jun 2026 07:36:04 +0000
From:      bugzilla-noreply@freebsd.org
To:        apache@FreeBSD.org
Subject:   maintainer-feedback requested: [Bug 295842] www/apache24: Patch CVE-2026-49975 (HTTP2 Bomb DoS)
Message-ID:  <bug-295842-16115-Hxot0ANyuo@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-295842-16115@https.bugs.freebsd.org/bugzilla/>


Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-apache (Nobody)
<apache@FreeBSD.org> for maintainer-feedback:
Bug 295842: www/apache24: Patch CVE-2026-49975 (HTTP2 Bomb DoS)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295842



--- Description ---
There is a new vulnerability in Apache HTTPD:
https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb

Assigned CVE: CVE-2026-49975

Patch:
https://github.com/apache/httpd/commit/47d3100b252dc6668a9e46ae885242be9eeca9cd

We've built and tested the patch locally: The build worked fine and the CVE is
fixed / Vuln can't be exploited anymore

