Hi, I have prepared a big update of the stretch apache2 package that ships the mod_http2 version from 2.4.33. I hope it will be included in the next stable point release. It would be great if interested people could give it some testing. The list of changes is: * Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33. This fixes - CVE-2018-1302: mod_http2: Potential crash w/ mod_http2 - Segfaults in mod_http2 (Closes: #873945) - mod_http2 issue with option "Indexes" and directive "HeaderName" (Closes: #850947) * mod_http2: Avoid high memory usage with large files, causing crashes on 32bit archs. Closes: #897218 * Make the apache-htcacheclean init script actually look into /etc/default/apache-htcacheclean for its config. Closes: #898563 amd64 and source Packages are available at [1]. Thanks in advance. Cheers, Stefan [1] https://www.sfritsch.de/~stf/apache2_2.4.25-3+deb9u5~test1/ sha256sums: aca9dc0db14876c597d9c9455d205612eac341b8885064b83bf43f8ec0f5af47 apache2_2.4.25-3+deb9u5.debdiff c173647748c1344f3add1d22bf89d7a8010535a7a0e041f4eccd1d5e2d454a2d apache2_2.4.25-3+deb9u5.part.debdiff e5361e3cf67657fb3ccfc49fc59c84c35991bfb75f9d47552ae68a8220339c3a apache2_2.4.25-3+deb9u5~test1_amd64.build 43f18b02eec98190d7318f04fcaf317cb4599bc2f7c37b1fe1acaa0880799876 apache2_2.4.25-3+deb9u5~test1_amd64.buildinfo 9764c2a17c1deafb7d60d96438428ebbb7115528a1530ee1536d9fbde2deca0f apache2_2.4.25-3+deb9u5~test1_amd64.changes 4e214344fe4b05f09ae5bd084ca1d873b7d3a999668eb6679334873851f9e4b8 apache2_2.4.25-3+deb9u5~test1_amd64.deb ccba79468e99cab477c44548bd1665ac541d22ac8cb8e59962b6711cbaddd0ff apache2_2.4.25-3+deb9u5~test1.debian.tar.xz 2a9f588a444660f56702993240db37019f3cb0215f34bb5d314485a959ed1d96 apache2_2.4.25-3+deb9u5~test1.dsc fa9ad94a92ce4dad96ad8ddc1564c61513744afa306167672b434b4232f6bbd4 apache2- bin_2.4.25-3+deb9u5~test1_amd64.deb 707fe797040eadbfb1a3c43333b1e6931416338b90615583fe939e7b79421ee8 apache2- data_2.4.25-3+deb9u5~test1_all.deb 7bb263b909c2aa428b10a1bb5c03d3d8c851908484a09e7971ceddaa734917a2 apache2- dbg_2.4.25-3+deb9u5~test1_amd64.deb e79bdc9105a7b2f4bc8d0d7d7e53008636d756db45cc323a4ca2b900e19b4e03 apache2- dev_2.4.25-3+deb9u5~test1_amd64.deb e90b9838b1c9d041b2177830c0c8f3f9fab87b820af28400dcb85bffd4742140 apache2- doc_2.4.25-3+deb9u5~test1_all.deb 43eaf4b141c0d8f23ef5781e2a01187aedd59cb4455a2aa3b66777edcf98677c apache2-ssl- dev_2.4.25-3+deb9u5~test1_amd64.deb 89b4a9221c72e8357cd3683403de1575fb2ee548654208427b9fca6e5945005c apache2- suexec-custom_2.4.25-3+deb9u5~test1_amd64.deb 2fd411454962beb7176684b9b7b932ac349f7ba191ac545b14aa439cb7eb44ea apache2- suexec-pristine_2.4.25-3+deb9u5~test1_amd64.deb 927b1742b47a7190b8fdfabfb456f0ea63e357db5e13861a55097a003ec55796 apache2- utils_2.4.25-3+deb9u5~test1_amd64.deb e2905a7f0fc18bb3d7021d596861ce19c313d832205fe890e68e583092b8fcd9 mod_http2-upgrade-to-2.4.33.diffstat ccaefad14dd2f33733c1707f2a6a97bf6e8bf06f3c32e975a5f14f8e6dc7f64c SHA256SUM.asc
Attachment:
signature.asc
Description: This is a digitally signed message part.