* SECURITY UPDATE: Buffer underwrite in ap_regname() on crafted regular
expressions in the configuration
- debian/patches/CVE-2026-44631.patch: cast the capture-index bytes to
unsigned char and reject capture group numbers greater than 1024 in
ap_regname() in server/util_pcre.c, so a crafted regex in a
, , or section can no longer
produce a negative capture index and underwrite the names array; also
check the ap_regname() return value in dirsection(), urlsection() and
filesection() in server/core.c and proxysection() in
modules/proxy/mod_proxy.c. Upstream fix
7d9f3cfb10b0fe70df7358d26d7b1f374ea1a0cb (SVN r1935015).
- CVE-2026-44631