apache2 (2.4.67-2) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/apache-team/apache2.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Repo size: 4513792
Browser: https://salsa.debian.org/apache-team/apache2
Last scan: 2026-06-07 12:40:12+00
Next scan: 2026-06-14 12:45:00+00
Merge requests: 1
CI pipeline status: failed

Debian changelog in Git:

apache2 (2.4.67-2) unstable; urgency=medium

  * Fix a typo in NEWS file (Closes: #1135096)
  * Fix CVE-2026-49975 (HTTP/2 Bomb)
    The bomb targets HPACK, HTTP/2's header compression
    scheme: one byte on the wire becomes one full header
    allocation on the server, repeated thousands of times
    per request. The hold is a zero-byte flow-control
    window that keeps the server from ever freeing any of it.

 -- Bastien Roucariès <rouca@debian.org>  Fri, 08 May 2026 18:39:07 +0200

This branch is even with tag debian/2.4.67-2