Date: Thu, 04 Jun 2026 07:36:04 +0000 From: bugzilla-noreply@freebsd.org To: apache@FreeBSD.org Subject: [Bug 295842] www/apache24: Patch CVE-2026-49975 (HTTP2 Bomb DoS) Message-ID: <bug-295842-16115@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295842 Bug ID: 295842 Summary: www/apache24: Patch CVE-2026-49975 (HTTP2 Bomb DoS) Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: apache@FreeBSD.org Reporter: i.dani@outlook.com Assignee: apache@FreeBSD.org Flags: maintainer-feedback?(apache@FreeBSD.org) Created attachment 271469 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=271469&action=edit Patch CVE-2026-49975 There is a new vulnerability in Apache HTTPD: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb Assigned CVE: CVE-2026-49975 Patch: https://github.com/apache/httpd/commit/47d3100b252dc6668a9e46ae885242be9eeca9cd We've built and tested the patch locally: The build worked fine and the CVE is fixed / Vuln can't be exploited anymore -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-295842-16115>