[CLSA-2026:1779118869] Fix of 8 CVEs
Type:
security
Severity:
Important
Release date:
2026-05-19 00:19:25 UTC
Description:
* SECURITY UPDATE: fix off-by-one out-of-bounds read in mod_proxy_ajp message getter functions
  - debian/patches/CVE-2026-33857-prereq.patch: prerequisite fix for ajp_msg_check_header bounds check to keep msg->len within buffer
  - debian/patches/CVE-2026-33857.patch: fix off-by-one out-of-bounds read in mod_proxy_ajp message getter functions
  - CVE-2026-33857
* SECURITY UPDATE: fix improper null termination and out-of-bounds read in ajp_msg_get_string
  - debian/patches/CVE-2026-34032.patch: fix improper null termination and out-of-bounds read in ajp_msg_get_string
  - CVE-2026-34032
* SECURITY UPDATE: fix heap buffer over-read in mod_proxy_ajp ajp_parse_data
  - debian/patches/CVE-2026-34059.patch: fix heap buffer over-read in mod_proxy_ajp ajp_parse_data
  - CVE-2026-34059
* SECURITY UPDATE: use restricted ap_expr parser in htaccess context to prevent local privilege escalation
  - debian/patches/CVE-2026-24072.patch: use restricted ap_expr parser in htaccess context to prevent local privilege escalation
  - CVE-2026-24072
* SECURITY UPDATE: fix NULL pointer dereference crash in mod_dav_lock dav_generic_refresh_locks
  - debian/patches/CVE-2026-29169.patch: fix NULL pointer dereference crash in mod_dav_lock dav_generic_refresh_locks
  - CVE-2026-29169
* SECURITY UPDATE: fix timing attack allowing Digest authentication bypass in mod_auth_digest
  - debian/patches/CVE-2026-33006.patch: fix timing attack allowing Digest authentication bypass in mod_auth_digest
  - CVE-2026-33006
* SECURITY UPDATE: fix NULL pointer dereference crash in mod_authn_socache
  - debian/patches/CVE-2026-33007.patch: fix NULL pointer dereference crash in mod_authn_socache
  - CVE-2026-33007
* SECURITY UPDATE: fix HTTP response splitting via newlines/controls in outgoing status line
  - debian/patches/CVE-2026-33523.patch: fix HTTP response splitting via newlines/controls in outgoing status line
  - CVE-2026-33523
Updated packages:
  • apache2_2.4.59-1~deb10u1+tuxcare.els5_amd64.deb
    sha:096e680c9fb0f06d07808bfb093729ea048b74e7
  • apache2-bin_2.4.59-1~deb10u1+tuxcare.els5_amd64.deb
    sha:14694b51a73f634338270c8c20f52eda1894dbf7
  • apache2-data_2.4.59-1~deb10u1+tuxcare.els5_all.deb
    sha:be315eaabeaea983d88361c0037e489cc709211c
  • apache2-dev_2.4.59-1~deb10u1+tuxcare.els5_amd64.deb
    sha:386099f3b4ec8626905f8dc6fa3da27e0b88aa67
  • apache2-doc_2.4.59-1~deb10u1+tuxcare.els5_all.deb
    sha:fd530b4b62eebe797b3be48883b0ee1ec2336e81
  • apache2-ssl-dev_2.4.59-1~deb10u1+tuxcare.els5_amd64.deb
    sha:7be3c0093dffe41498387470579422833f688b68
  • apache2-suexec-custom_2.4.59-1~deb10u1+tuxcare.els5_amd64.deb
    sha:43b7f479118a9b49e41cb02a4c89e0c0aa7d5257
  • apache2-suexec-pristine_2.4.59-1~deb10u1+tuxcare.els5_amd64.deb
    sha:0ae1d5bea5071cb87f6773f456de4143eabb4fee
  • apache2-utils_2.4.59-1~deb10u1+tuxcare.els5_amd64.deb
    sha:ea411b94e385613ef702d20823a9e0b9fc6d26fb
  • libapache2-mod-md_2.4.59-1~deb10u1+tuxcare.els5_amd64.deb
    sha:5683fa9c4b7c71c4fcf0fa95a1fc9017b183012d
  • libapache2-mod-proxy-uwsgi_2.4.59-1~deb10u1+tuxcare.els5_amd64.deb
    sha:a23a6cd779adb834c73c1bb7e23766eb26c30713
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.