apache2_2.4.38-3_amd64.changes ACCEPTED into unstable
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 07 Apr 2019 20:15:40 +0200
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.38-3
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
apache2 - Apache HTTP Server
apache2-bin - Apache HTTP Server (modules and other binary files)
apache2-data - Apache HTTP Server (common files)
apache2-dev - Apache HTTP Server (development headers)
apache2-doc - Apache HTTP Server (on-site documentation)
apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
apache2-utils - Apache HTTP Server (utility programs for web servers)
libapache2-mod-md - transitional package
libapache2-mod-proxy-uwsgi - transitional package
Changes:
apache2 (2.4.38-3) unstable; urgency=high
.
[ Marc Deslauriers ]
* SECURITY UPDATE: read-after-free on a string compare in mod_http2
- debian/patches/CVE-2019-0196.patch: disentangelment of stream and
request method in modules/http2/h2_request.c.
- CVE-2019-0196
* SECURITY UPDATE: privilege escalation from modules' scripts
- debian/patches/CVE-2019-0211.patch: bind the bucket number of each
child to its slot number in include/scoreboard.h,
server/mpm/event/event.c, server/mpm/prefork/prefork.c,
server/mpm/worker/worker.c.
- CVE-2019-0211
* SECURITY UPDATE: mod_ssl access control bypass
- debian/patches/CVE-2019-0215.patch: restore SSL verify state after
PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
- CVE-2019-0215
* SECURITY UPDATE: mod_auth_digest access control bypass
- debian/patches/CVE-2019-0217.patch: fix a race condition in
modules/aaa/mod_auth_digest.c.
- CVE-2019-0217
* SECURITY UPDATE: URL normalization inconsistincy
- debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
the path in include/http_core.h, include/httpd.h, server/core.c,
server/request.c, server/util.c.
- debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
in server/request.c, server/util.c.
- debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
server/util.c.
- CVE-2019-0220
.
[ Stefan Fritsch ]
* Pull security fixes from 2.4.39 via Ubuntu
* CVE-2019-0197: mod_http2: Fix possible crash on late upgrade
Checksums-Sha1:
1ab2869e47c84994906c900ab999cbd6d45d2c10 3478 apache2_2.4.38-3.dsc
bb42f56e0716ca824776a6452b98b4a49956f711 488 apache2_2.4.38.orig.tar.gz.asc
de0ad319db2cf9bdd64c162245fe98f30ca7089e 1021924 apache2_2.4.38-3.debian.tar.xz
c09e9a894b32a65d4d70a100dce06c857afaa06b 4724488 apache2-bin-dbgsym_2.4.38-3_amd64.deb
e2713d648eca25e90d9e750562ccfbd6ff3f4caa 1310008 apache2-bin_2.4.38-3_amd64.deb
7848ba2c4a0c68c057cfb20b8eb0842d1700a183 165180 apache2-data_2.4.38-3_all.deb
f109d197bdae7c604fe34b033b4680d6ea54c895 330784 apache2-dev_2.4.38-3_amd64.deb
59d11126b4b5c6baacb2e93afd7cf5d5b1c96acb 3989776 apache2-doc_2.4.38-3_all.deb
cb56f9341b4ff1e08fa8cc38f04cd6c49b9fb222 2340 apache2-ssl-dev_2.4.38-3_amd64.deb
d405a37ee20e5fe9aa35bc47c36b8738505f6bc3 12852 apache2-suexec-custom-dbgsym_2.4.38-3_amd64.deb
8c30477886e4f769472a1f3139639781b4767468 171264 apache2-suexec-custom_2.4.38-3_amd64.deb
c43b8983c1671bb005220bf32c006809a4ab5f91 11580 apache2-suexec-pristine-dbgsym_2.4.38-3_amd64.deb
48cdfc3b32feaeb1739f8b3b72fe9220d1c3a560 169700 apache2-suexec-pristine_2.4.38-3_amd64.deb
f08e8dc75edae0f234ea485e2d57c3d9b553137b 137720 apache2-utils-dbgsym_2.4.38-3_amd64.deb
c6ccc0749850c275a806b35cea668c03e4acc0d0 236300 apache2-utils_2.4.38-3_amd64.deb
5739fcea2f9b47472ea4a6dcbb5a824034f542fe 11754 apache2_2.4.38-3_amd64.buildinfo
34fb57fc25c9bb6ffd502c58894f4025d007a1a0 251104 apache2_2.4.38-3_amd64.deb
77cefc923b63229aeb90a05f2df7ecc0e24f5575 940 libapache2-mod-md_2.4.38-3_amd64.deb
29f2a4ecb66f5ba8734c03cfe262ab2044d7c5de 1128 libapache2-mod-proxy-uwsgi_2.4.38-3_amd64.deb
Checksums-Sha256:
84368067c7ed482afc697ffd5fecb92bde27cc4e04895e90469e2a2273921d2d 3478 apache2_2.4.38-3.dsc
4931fdd5833dc79592edd351047b9f153e3bac4323157e3f5d733d276d2a4997 488 apache2_2.4.38.orig.tar.gz.asc
67b3783fa909aab3c1e8f4b9ebb377407859fc2ac6623ea892b2d23a11532c9c 1021924 apache2_2.4.38-3.debian.tar.xz
f3980a46faf8ff28fa3ccccf33453f8371b1d3b427b7138383ed9bb359fb3f15 4724488 apache2-bin-dbgsym_2.4.38-3_amd64.deb
ef8bbba49075e2fe7bd9e1f3336b9cdab7862e1ee9de28142f428b4e34d51332 1310008 apache2-bin_2.4.38-3_amd64.deb
7b2d00c0536e9a7f2f3d07bda3db9736f9bcdc365ccc3fab792ac9a2630ea195 165180 apache2-data_2.4.38-3_all.deb
e4586d0ea515eaa77f43a39e957225ae7fd190a9971117505746a4888256fcc8 330784 apache2-dev_2.4.38-3_amd64.deb
aef94d25e4cc7c06849befb701574fbcc35bc89a67c6cdd30ea3f4e5bf86233a 3989776 apache2-doc_2.4.38-3_all.deb
9301878b9837412e0ecad86a4466fb48bac6555ca30b0cfab444b007c94651cc 2340 apache2-ssl-dev_2.4.38-3_amd64.deb
4ff68f832b8d290858dbcbb798357439e416bda970b40bb8915fa557f5a38464 12852 apache2-suexec-custom-dbgsym_2.4.38-3_amd64.deb
fc96f56dbeabbf412e2af9067ced3c9d7ddbbbce9b146f4c0e3924a9ec036ed8 171264 apache2-suexec-custom_2.4.38-3_amd64.deb
fe31e8d131e6771138413cf20bb397908a7f21fa312e2ebc2ed3382a438406a9 11580 apache2-suexec-pristine-dbgsym_2.4.38-3_amd64.deb
264d3596e7e2c0dbc31c3c3573367ac5a943016e64c2223f9704d7e7ffa4ca01 169700 apache2-suexec-pristine_2.4.38-3_amd64.deb
4d0c47b330050ed348def2d422d829d3c89fb45272b118f01eb24b8711538063 137720 apache2-utils-dbgsym_2.4.38-3_amd64.deb
18a800ae4434cd58ee98d860d2e08fb21b9546afcdf21d983eb6910279299c7a 236300 apache2-utils_2.4.38-3_amd64.deb
546377554dbd712b75e4697920517e0ce5b4907de32908108280ab30bb3d1456 11754 apache2_2.4.38-3_amd64.buildinfo
8ad1f508f958156e9bc3f4d7b828051e85e6102774743332fb38a794d4a4e402 251104 apache2_2.4.38-3_amd64.deb
d841cd4a55ce30684553d85aec44e1191ccd602277d459212a5ee4ad3f911863 940 libapache2-mod-md_2.4.38-3_amd64.deb
49790eb1bba381222d3a484a28df47c293ca96dcd673043c64a630f38c664114 1128 libapache2-mod-proxy-uwsgi_2.4.38-3_amd64.deb
Files:
cccbc69d7aeddea1703278169b86ced5 3478 httpd optional apache2_2.4.38-3.dsc
6933fc9cc71319ec87333b7e44b319ec 488 httpd optional apache2_2.4.38.orig.tar.gz.asc
44b9208294ef535a641177fa17e23e25 1021924 httpd optional apache2_2.4.38-3.debian.tar.xz
5f6a4571ce1e0708c68606546be0249b 4724488 debug optional apache2-bin-dbgsym_2.4.38-3_amd64.deb
edc84055cf86d3eab8a0657074f4e63e 1310008 httpd optional apache2-bin_2.4.38-3_amd64.deb
2b9c77c6062c73bb495ffeaf76eb3667 165180 httpd optional apache2-data_2.4.38-3_all.deb
6cedb6bf5b45a01fd0c25b18983cf126 330784 httpd optional apache2-dev_2.4.38-3_amd64.deb
21f0d19cd796ee6ba36f6c3e4a857e94 3989776 doc optional apache2-doc_2.4.38-3_all.deb
77512c750590f9af53bd8da60c5c26f7 2340 httpd optional apache2-ssl-dev_2.4.38-3_amd64.deb
f5060c5c4b1b66ed9db152353e26f01b 12852 debug optional apache2-suexec-custom-dbgsym_2.4.38-3_amd64.deb
8ed23b3226e72eaecd10e2451aacf9a3 171264 httpd optional apache2-suexec-custom_2.4.38-3_amd64.deb
2d9498354ef17749419919454ed9ab35 11580 debug optional apache2-suexec-pristine-dbgsym_2.4.38-3_amd64.deb
71c32af2d9f3cbadd9c63cb4439f593b 169700 httpd optional apache2-suexec-pristine_2.4.38-3_amd64.deb
e5dbee2942369e1b0b898b9579b2c49d 137720 debug optional apache2-utils-dbgsym_2.4.38-3_amd64.deb
1b64e9a40c453e0ad26e075f33c44b3a 236300 httpd optional apache2-utils_2.4.38-3_amd64.deb
dc71599ad9b7989b10d1ee52bd2b0f00 11754 httpd optional apache2_2.4.38-3_amd64.buildinfo
d91fc1b93d453ded3ba73dd8502aad63 251104 httpd optional apache2_2.4.38-3_amd64.deb
ca09129386b82e485b2a3b14b4028a8a 940 oldlibs optional libapache2-mod-md_2.4.38-3_amd64.deb
cfbd527941a125d8191afa05a75fe606 1128 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.38-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlyqS6MACgkQxodfNUHO
/eCg/w/+IBzlwkCbRpz8SkNutoMBMoP975LfUxkjv+4te/K74tKVhdv3DRy8bk0g
Cgzyi5sbbTbCnalk0IuK/jIuTaaGRblDeMaY96ovyrJcMURhnSVz0c/qhLt3jn5T
EuNSEWRYQaqTSMOlkdlDnWYZDQL1JVMuM5mvwg4znc80SnDnhN94j7iaBJPapief
cXbPAggS4u7F041Ajzb6kyQHIzmL/+kSXckd7Q9mjEIfSw/zTP9R8StE6cwWtbTP
pYf40+dEVuX3uQ9RQPX8coDx7umBob7ptD8SWoV3LMEX0wuxGPQKD9pF4x4JPFmt
nR+SYtKFsiPhJMmCHich9DMLQ9KOfk4OUATqWX+tndiKiBHIiSa9rOkqO+SS7HYP
HZe31eaxr9UpAh2N45mQbr93yYaXd3p6BZ2xqD0h+v0pLADMc74oMBcbMszRB7TA
Hs+LDdKiBG6kAAkgDZeWR6KuJkqJYzvUSeO+n594egk/Iw9oTVQAW9R7VEQeWAbc
TM0x+H7c5/dbIQnfKPK9Wh6cI1GB1XMzw9SKUsZqp54JhFMhm4+oqEVAqavpoIdi
Rnf/0euGLfEIJzzu+OhRIctkRqgqRmNXSx27KmIZNplveG+uJWoV8hd9Ig4SwWh7
jO6c71hVzrO7mcESuVcVRpWjF+4q2SEfgOdJVAjGc2wnK55AvDw=
=9Bg7
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
Reply to: