Format: 1.8
Date: Wed, 03 Apr 2019 14:31:46 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: armhf
Version: 2.4.38-2ubuntu2
Distribution: disco-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-036.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.38-2ubuntu2) disco; urgency=medium
 .
   * SECURITY UPDATE: read-after-free on a string compare in mod_http2
     - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
       request method in modules/http2/h2_request.c.
     - CVE-2019-0196
   * SECURITY UPDATE: privilege escalation from modules' scripts
     - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
       child to its slot number in include/scoreboard.h,
       server/mpm/event/event.c, server/mpm/prefork/prefork.c,
       server/mpm/worker/worker.c.
     - CVE-2019-0211
   * SECURITY UPDATE: mod_ssl access control bypass
     - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
       PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
     - CVE-2019-0215
   * SECURITY UPDATE: mod_auth_digest access control bypass
     - debian/patches/CVE-2019-0217.patch: fix a race condition in
       modules/aaa/mod_auth_digest.c.
     - CVE-2019-0217
   * SECURITY UPDATE: URL normalization inconsistincy
     - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
       the path in include/http_core.h, include/httpd.h, server/core.c,
       server/request.c, server/util.c.
     - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
       in server/request.c, server/util.c.
     - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
       server/util.c.
     - CVE-2019-0220
Checksums-Sha1:
 1c28d615631530e445c63d5179e1a1421ba4d60f 4674104 apache2-bin-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 d5802b7dbd627085b5079ee2cf24fd880e8f37fc 1000328 apache2-bin_2.4.38-2ubuntu2_armhf.deb
 fd1591726c0e8fd9a5431969831d038a1d360aab 178928 apache2-dev_2.4.38-2ubuntu2_armhf.deb
 c1ea61d29fa37873a85b8cca135239ee81024727 2392 apache2-ssl-dev_2.4.38-2ubuntu2_armhf.deb
 7062876d7f25dfba35e16bba36a8f8cfee226bfe 12740 apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 4356ca899aa84f6f1909f68626e36c25530b1348 14612 apache2-suexec-custom_2.4.38-2ubuntu2_armhf.deb
 b9a8523006260269bdaef0133ea30f2509a9aac1 11628 apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 fe24782f23cf78989ee92856ff91dfa48bf7de45 13152 apache2-suexec-pristine_2.4.38-2ubuntu2_armhf.deb
 9d2078a64e92f55725696d8b30c0ba246197c95b 140664 apache2-utils-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 e316597eed82512ebfa2fd68d2c3e476197534e3 85664 apache2-utils_2.4.38-2ubuntu2_armhf.deb
 b8e55a462e61541c8ab07cdc004da05908496f80 10766 apache2_2.4.38-2ubuntu2_armhf.buildinfo
 d6779a329a826e33f6fbca5ce6f845a32e9002a9 95460 apache2_2.4.38-2ubuntu2_armhf.deb
 f1db4bb73ba8778e714c82d42b6764aa16f2e98f 988 libapache2-mod-md_2.4.38-2ubuntu2_armhf.deb
 12fd93fe1c8dc66288e3e17cedacb70f88b2d75c 1176 libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2_armhf.deb
Checksums-Sha256:
 200cab9b3439455fd2d9be09a349816fc9370bf202b0d23e89b4ccdf86d9c2b5 4674104 apache2-bin-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 fb38f2a1ecb7d16de85f09324f9fafb0b729b33f58a4311ec946b073dc0c3979 1000328 apache2-bin_2.4.38-2ubuntu2_armhf.deb
 9bcc7d175610d7b5124ca000f7fe94a66b392713b98644d0c15b7b39e924c985 178928 apache2-dev_2.4.38-2ubuntu2_armhf.deb
 cdace980ed6367a993d912c6d9849e534114d7c0e5c733179e86450307e2de37 2392 apache2-ssl-dev_2.4.38-2ubuntu2_armhf.deb
 e9132400828aedb9b746d8b877e0a1f54c447b5669340f4241f2d9cb4de98468 12740 apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 5a8601fadb61341967b251e36f94160df64f2766bfc4b9101d5480e3a694823a 14612 apache2-suexec-custom_2.4.38-2ubuntu2_armhf.deb
 ea8ab9e2b1ae9ee9e698a656bce8fab3728c76d1e642fda104ce0e1e22155af7 11628 apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 52ff006e5a527cdbbcf3ad122b7b12631a50e6222a6e546e1ab886cd3cc6a2db 13152 apache2-suexec-pristine_2.4.38-2ubuntu2_armhf.deb
 2d35e479dc5eb8f6eee152dd2bdab7bb710b0fae637e1f17433280e0c71cb236 140664 apache2-utils-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 f3ace5ecf49f498eca0a7767c3cee683fc16c7572f28ac34e1b3fc6fcd9d5f11 85664 apache2-utils_2.4.38-2ubuntu2_armhf.deb
 d6205449f6f726ceb4013e9601dcbf2f79b428717d6a7294fd8447ff0f7a47ac 10766 apache2_2.4.38-2ubuntu2_armhf.buildinfo
 900cacfd365e1b4ef9e2afcf61ff9ed9811b4e349d73808d80fa20b10217b33c 95460 apache2_2.4.38-2ubuntu2_armhf.deb
 803c9d3bb9d93ce5b318420e940a4752f18c05b68a5d58d275f3a93f0c643a23 988 libapache2-mod-md_2.4.38-2ubuntu2_armhf.deb
 23145027d56652ccd8c49d9b3131304acf89a9c45cc64025da3b600b947053f2 1176 libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2_armhf.deb
Files:
 8ad91f543a4b2a6b6023e6f97d450489 4674104 debug optional apache2-bin-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 1c34dc602b3d29b71e401e1e396bed7a 1000328 httpd optional apache2-bin_2.4.38-2ubuntu2_armhf.deb
 3da2ee6020ed341d53fd6666dfee1fba 178928 httpd optional apache2-dev_2.4.38-2ubuntu2_armhf.deb
 afab41b13bf2cad44f3270181bb3acf1 2392 httpd optional apache2-ssl-dev_2.4.38-2ubuntu2_armhf.deb
 531d39f1bfedc6b9f6912e45d6f4f128 12740 debug optional apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 5d54f79c947976043eaf52e7dbeba2de 14612 httpd optional apache2-suexec-custom_2.4.38-2ubuntu2_armhf.deb
 3d44f259d1b73e1439c320ce65bbb23f 11628 debug optional apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 b102ec1c0d8a2bb060957ff2bf630183 13152 httpd optional apache2-suexec-pristine_2.4.38-2ubuntu2_armhf.deb
 96d1439c79248299dd0ee2f30d6d1862 140664 debug optional apache2-utils-dbgsym_2.4.38-2ubuntu2_armhf.ddeb
 e51701aec8cc8d5d35e7f571700410cb 85664 httpd optional apache2-utils_2.4.38-2ubuntu2_armhf.deb
 04b300e123c2451ff528217647cb65e2 10766 httpd optional apache2_2.4.38-2ubuntu2_armhf.buildinfo
 478ffddaf8c0a8c0aa5c3dc1bf065f43 95460 httpd optional apache2_2.4.38-2ubuntu2_armhf.deb
 2213ab284a3ab0bea548816115c19d1c 988 oldlibs optional libapache2-mod-md_2.4.38-2ubuntu2_armhf.deb
 a10f9307856c062c796c4b3073e7a994 1176 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2_armhf.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>