* SECURITY UPDATE: buffer underwrite in ap_regname() regex capture handling
- debian/patches/CVE-2026-44631.patch: cast the PCRE name-table bytes to
unsigned char in ap_regname() so the capture group number cannot become
negative, and reject capture numbers above 1024, in server/util_pcre.c;
check the return value in the
, , and
section handlers in server/core.c and modules/proxy/mod_proxy.c
- CVE-2026-44631