CLSA-2026-1778054005 Fix CVE(s): CVE-2026-23918
SECURITY UPDATE: double free and possible remote code execution via HTTP/2 stream double-purge in modhttp2 - debian/patches/CVE-2026-23918.patch: prevent double purge of a stream by introducing addforpurge helper that checks for duplicates before adding to the purge queue in modules/http2/h2mplx....