Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/apr@1.4.4-1?distro=trixie
purl pkg:deb/debian/apr@1.4.4-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-3cea-3rkm-r7gs A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65) CVE-2011-0419

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T10:36:17.611847+00:00 Debian Importer Fixing VCID-3cea-3rkm-r7gs https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T07:09:58.864944+00:00 Debian Importer Fixing VCID-3cea-3rkm-r7gs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-02T17:08:45.134458+00:00 Debian Importer Fixing VCID-3cea-3rkm-r7gs https://security-tracker.debian.org/tracker/data/json 38.1.0