Release date: 2026-05-18 15:38:03 UTC
Description:
* SECURITY UPDATE: mod_proxy_ajp heap buffer over-read in ajp_msg_get_string
  - debian/patches/CVE-2026-34032.patch: add buffer checks in modules/proxy/ajp_msg.c.
  - CVE-2026-34032
* SECURITY UPDATE: AJP getter functions off-by-one out-of-bounds reads
  - debian/patches/CVE-2026-33857.patch: fix length checks in AJP msg_get functions in modules/proxy/ajp_msg.c.
  - CVE-2026-33857
* SECURITY UPDATE: mod_proxy_ajp heap over-read in ajp_parse_data
  - debian/patches/CVE-2026-34059.patch: fix message length check in modules/proxy/ajp_header.c.
  - CVE-2026-34059
* SECURITY UPDATE: mod_authn_socache crash in caching forward proxy
  - debian/patches/CVE-2026-33007.patch: validate URL earlier in modules/aaa/mod_authn_socache.c.
  - CVE-2026-33007
* SECURITY UPDATE: HTTP response splitting via malicious backend status line
  - debian/patches/CVE-2026-33523.patch: scan outgoing status line for newlines and controls in modules/http/http_filters.c.
  - CVE-2026-33523
* SECURITY UPDATE: mod_rewrite elevation of privileges via ap_expr in .htaccess
  - debian/patches/CVE-2026-24072.patch: use AP_EXPR_FLAG_RESTRICTED in .htaccess context in modules/mappers/mod_rewrite.c, modules/metadata/mod_setenvif.c and modules/proxy/mod_proxy_fcgi.c.
  - CVE-2026-24072
* SECURITY UPDATE: mod_auth_digest timing attack allowing Digest auth bypass
  - debian/patches/CVE-2026-33006.patch: use apr_crypto_equals (constant-time comparison) for the nonce hash and digest checks, and add VALID_NONCE validation and an MD5_DIGEST_LEN length check in get_digest_rec, in modules/aaa/mod_auth_digest.c. Bumps the configure.in apr-util requirement to >= 1.6 (bionic ships 1.6.1).
  - CVE-2026-33006
* SECURITY UPDATE: mod_proxy_ajp ajp_msg_check_header bounds-check fix
  - debian/patches/CVE-2026-28780.patch: tighten the upper-bound check in ajp_msg_check_header() to reserve AJP_HEADER_LEN bytes of headroom in modules/proxy/ajp_msg.c (companion to CVE-2026-33857/34032).
  - CVE-2026-28780
Updated packages:
- apache2_2.4.29-1ubuntu4.27+tuxcare.els9_amd64.deb (sha:d1d1c309999f9abc9fdd0106b632524f197e7e1e)
- apache2-bin_2.4.29-1ubuntu4.27+tuxcare.els9_amd64.deb (sha:f65bd8ade3204d1710463d348408f047d313e8bf)
- apache2-data_2.4.29-1ubuntu4.27+tuxcare.els9_all.deb (sha:786f0763503dff1f7c3c0debea57c525825e1378)
- apache2-dev_2.4.29-1ubuntu4.27+tuxcare.els9_amd64.deb (sha:d8fb7cdf670bb7e320895ab8129552e7a7b25ee6)
- apache2-doc_2.4.29-1ubuntu4.27+tuxcare.els9_all.deb (sha:4bcd525175fb6894b6ee7fcec46d8a11494d722d)
- apache2-ssl-dev_2.4.29-1ubuntu4.27+tuxcare.els9_amd64.deb (sha:7bb416d46bc8e4219e7fb8f6d8e276e07ac3fac4)
- apache2-suexec-custom_2.4.29-1ubuntu4.27+tuxcare.els9_amd64.deb (sha:e8299b4ab542899ed35dd7de333bc4a98b4c3de9)
- apache2-suexec-pristine_2.4.29-1ubuntu4.27+tuxcare.els9_amd64.deb (sha:bc7057caef0e77adc4e481c6558799f033743917)
- apache2-utils_2.4.29-1ubuntu4.27+tuxcare.els9_amd64.deb (sha:7be23d546cc8c42f5e10c9dcc9048ead77b8285c)
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.