Accepted apache2 2.4.33-1 (source amd64 all) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 30 Mar 2018 22:53:13 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.33-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
apache2 - Apache HTTP Server
apache2-bin - Apache HTTP Server (modules and other binary files)
apache2-data - Apache HTTP Server (common files)
apache2-dbg - Apache debugging symbols
apache2-dev - Apache HTTP Server (development headers)
apache2-doc - Apache HTTP Server (on-site documentation)
apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
apache2-utils - Apache HTTP Server (utility programs for web servers)
Closes: 814980 878920
Changes:
apache2 (2.4.33-1) unstable; urgency=medium
.
* New upstream version.
Security fixes:
- CVE-2017-15710
Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
- CVE-2018-1283
mod_session: CGI-like applications that intend to read from mod_session's
'SessionEnv ON' could be fooled into reading user-supplied data instead.
- CVE-2018-1303
mod_cache_socache: Fix request headers parsing to avoid a possible crash
with specially crafted input data.
- CVE-2018-1301
core: Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production LogLevel.
- CVE-2017-15715
core: Configure the regular expression engine to match '$' to the end of
the input string only, excluding matching the end of any embedded
newline characters. Behavior can be changed with new directive
'RegexDefaultOptions'.
- CVE-2018-1312
mod_auth_digest: Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
may cause problems if used with round robin load balancers. PR 54637
- CVE-2018-1302
mod_http2: Potential crash w/ mod_http2.
.
- mod_proxy_uwsgi: New UWSGI proxy submodule.
- mod_md: New experimental module for managing domains across virtual
hosts, implementing the Let's Encrypt ACMEv1 protocol to signup and
renew certificates.
- core: silently ignore a not existent file path when IncludeOptional
is used. Closes: #878920
- mod_ldap: Avoid possible crashes, hangs, and busy loops. Closes: #814980
.
* Fix lintian warnings:
- Include SupportApache-small.png in apache2-doc package instead of
linking to apache.org, to avoid privacy issues.
- Use /usr/share/dpkg/architecture.mk instead of setting DEB_*_GNU_TYPE
- Remove deprecated use of autotools_dev with dh.
- Add some overrides
* Bump standards-version to 4.1.2 (no changes)
Checksums-Sha1:
57b59318d33630fcbd29e4438c1e7d6b6ffcc55d 3374 apache2_2.4.33-1.dsc
9e56042515793a6992adc4b9f3a0345a0cb98176 6934765 apache2_2.4.33.orig.tar.bz2
690c549eb7c94d7ff34549b73c310900b4b9b6ea 473 apache2_2.4.33.orig.tar.bz2.asc
3d16bffcf594c73c59f86c51315ddf6236e86c5c 785632 apache2_2.4.33-1.debian.tar.xz
65c3c4df59c4a213e3969111e3dd757d937de8c4 1302416 apache2-bin_2.4.33-1_amd64.deb
9d861182f689fafc736307107c62b53c96528805 161260 apache2-data_2.4.33-1_all.deb
9cd4158dcf879d71173c25d31ea7b7d76b614ec8 4241860 apache2-dbg_2.4.33-1_amd64.deb
37041f703e557d5eb7eaa8a31fbe788470e6cb01 323444 apache2-dev_2.4.33-1_amd64.deb
d96bf11f3b7fb302a0e12c6cbe0b84652fc0f799 3939036 apache2-doc_2.4.33-1_all.deb
f5e4739892ac0d9fe3c3e547f1915ef8e8cfd2d6 2344 apache2-ssl-dev_2.4.33-1_amd64.deb
2b1e0719018ccc91d039cd944974859c1d878de5 164692 apache2-suexec-custom_2.4.33-1_amd64.deb
62f1c8b5fc6dc9c81c7e21760d38afacede18d11 163192 apache2-suexec-pristine_2.4.33-1_amd64.deb
7b65c0c93525d47f087c9e1c956c406b678aae46 228452 apache2-utils_2.4.33-1_amd64.deb
7e47554722a60475d77fed294acec9d6859e79c8 10106 apache2_2.4.33-1_amd64.buildinfo
69f1c3844b42b9632bac46aede7d1a77fa07f94d 244292 apache2_2.4.33-1_amd64.deb
Checksums-Sha256:
4d07b2a9dd01e9bc855f60e008812e1f6f92a6b6450403e7688479209d8459a2 3374 apache2_2.4.33-1.dsc
de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05 6934765 apache2_2.4.33.orig.tar.bz2
992f2929e0e4a4e353601abaa1fec016a75af2ee8e06740e41ae4b7924b70bbd 473 apache2_2.4.33.orig.tar.bz2.asc
2bcd0783ca1853a43b569e96c200c355b7236af8a57fb3fb529b56bd9cf4e199 785632 apache2_2.4.33-1.debian.tar.xz
6feee444ca8cd6af17b5ad848d85b6fdbf8dfc006306adb0904035235472bace 1302416 apache2-bin_2.4.33-1_amd64.deb
5fbbe2420d40dae6089c9e3ee2239764d952100fed9fe0c37695291edec0e3d7 161260 apache2-data_2.4.33-1_all.deb
ba3a8491c60762996be21e39c9c320a41353859fe3a986d457b21634f22f0fed 4241860 apache2-dbg_2.4.33-1_amd64.deb
e7dde1e36568234e536323ea49895ddef83857f1d9e952c48113eab771829e80 323444 apache2-dev_2.4.33-1_amd64.deb
4ed63d8c15e0404bac5c2f74e83d32523eb99b0f2c38c63e05170a220ac23cf1 3939036 apache2-doc_2.4.33-1_all.deb
42e0993bf43fc97e3c6f3fc3ee6baf6a7d081a6a07366980930325c9dde866ad 2344 apache2-ssl-dev_2.4.33-1_amd64.deb
5799d515af5466db1d18e7264b0d75c4b9e0cce15b8547ad92cd84350f4cc111 164692 apache2-suexec-custom_2.4.33-1_amd64.deb
9063a06eeb1af682aa6402b03f82c6461623e00d72c878fed46f1235e192b624 163192 apache2-suexec-pristine_2.4.33-1_amd64.deb
c34d9c8cd77e6a7363268ddef0adb4ade7c87108e54907be892698fa941cfdc3 228452 apache2-utils_2.4.33-1_amd64.deb
99bc9e1747a526f9e86972b7a4fd087123a6c50e487cb94bcf8ef8ec6607ee11 10106 apache2_2.4.33-1_amd64.buildinfo
eeb21e5b225fbe698e2eabaf85d8e3f44087df5b09549569085998c0113bcf33 244292 apache2_2.4.33-1_amd64.deb
Files:
47f0aaee452d6a4c8b42ff8324072c9e 3374 httpd optional apache2_2.4.33-1.dsc
6ef469d3f16fffeb688bc6e0346823e5 6934765 httpd optional apache2_2.4.33.orig.tar.bz2
d272385c5fc3961f7a01b61894dd9942 473 httpd optional apache2_2.4.33.orig.tar.bz2.asc
0079b04636ffb87a3e0abff665763f48 785632 httpd optional apache2_2.4.33-1.debian.tar.xz
0aa85823acd2e93b7a82feb343d36e3b 1302416 httpd optional apache2-bin_2.4.33-1_amd64.deb
f6d6ab2a636e4bb7f510754912ec6bf0 161260 httpd optional apache2-data_2.4.33-1_all.deb
916c6bc1ccd9d4cbbe47a9f224fd2e05 4241860 debug optional apache2-dbg_2.4.33-1_amd64.deb
24e17082ed2444087e9b5de78a3fcfe0 323444 httpd optional apache2-dev_2.4.33-1_amd64.deb
8f4468624754028ea73fdbd088d10287 3939036 doc optional apache2-doc_2.4.33-1_all.deb
774cb1ad0838512bcd2d1f527f06065b 2344 httpd optional apache2-ssl-dev_2.4.33-1_amd64.deb
1a297bd36cb541e0e3bb885f74fcc5d6 164692 httpd optional apache2-suexec-custom_2.4.33-1_amd64.deb
78112460051747d7e3aa8c2e7a6bbaf8 163192 httpd optional apache2-suexec-pristine_2.4.33-1_amd64.deb
9d2d174b29cd87923674e7d107ee2854 228452 httpd optional apache2-utils_2.4.33-1_amd64.deb
a743f245852337dfa5c9cef3ff2eb685 10106 httpd optional apache2_2.4.33-1_amd64.buildinfo
69e6dfce4d392c5d99540efff5fe910f 244292 httpd optional apache2_2.4.33-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlq+pVsACgkQxodfNUHO
/eCqCg/+PWqa4chm3Gm+9zvn8cpeHD3Z+Ou3otPGJZC9knv9PR2rmM/wgiEixgR8
HWgW5ASgoDzRFQtOoa4osG5/DnOpkhoywxpqwyFhtFNDrxaQX3/je6rCYyUIXEjg
kjG/KbosAga04xu5OjWpYrGSLezIpM6O+hRwiX0TNCuXAQjFj21IC+53HK1NyatL
6fNQ75go83fB0gJHQMeX6OalryX3DukX6w4jRJtfExaJ1fVxp94M7aZkPoyaPxHG
mADRn5J3wCKAKLZEiGJ+pv5LVfnfnjZYr4+UJsKgKRGVefhivmC1igHMwXI+SKcO
139QBsJlPSIXfafQyMZSXUsxLJfVw+2HAQgvxWgcAV83C5gvDM9/4hXVMWw1jYtZ
FyN8QFNtgBdYtS+r91jHnXuq5O54ofWEUu7zVyOQ2C6mfTwL98+EhbPVEdmxhvDO
cyziIwjY/Q2d5jD78YLtq1QxT4GCjpcf5oS5pQJgNzfOkFzuaFOJayxr/ckGixCd
ERXIcHPP/we7nUhVzkJghlfV5LQJszhvmOQqsaRNAuUCoxFFvPXnBgtg/kqlvhZt
/ar38333m5+CTxk78k8x15EyDmJEY2imo+MUiBDw7zKPkW//f5Few8CVG15R4WRU
uXauppAbtrZ9aWwRspBM1EAS57S5q7mg+v8IpA1MhaotAxyU1/g=
=PMYJ
-----END PGP SIGNATURE-----
Reply to: