apache2 2.4.38-3ubuntu1 source package in Ubuntu
Changelog
apache2 (2.4.38-3ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - Cherrypick upstream testsuite fix: + r1850941 Skip tests for TLSv1.3 (where there is no "renegotiation" as such). - Similarly use TLSv1.2 for pr12355 and pr43738. - debian/{control, apache2.install, apache2-utils.ufw.profile, apache2.dirs}: Add ufw profiles. - debian/apache2.py, debian/apache2-bin.install: Add apport hook. - debian/patches/086_svn_cross_compiles: Backport several cross fixes from upstream [Removed configure chunk, not needed since configure.in is being patched.] - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace Debian with Ubuntu on default page. + d/source/include-binaries: add Ubuntu icon file - d/t/control, d/t/check-http2: add basic test for http2 support apache2 (2.4.38-3) unstable; urgency=high [ Marc Deslauriers ] * SECURITY UPDATE: read-after-free on a string compare in mod_http2 - debian/patches/CVE-2019-0196.patch: disentangelment of stream and request method in modules/http2/h2_request.c. - CVE-2019-0196 * SECURITY UPDATE: privilege escalation from modules' scripts - debian/patches/CVE-2019-0211.patch: bind the bucket number of each child to its slot number in include/scoreboard.h, server/mpm/event/event.c, server/mpm/prefork/prefork.c, server/mpm/worker/worker.c. - CVE-2019-0211 * SECURITY UPDATE: mod_ssl access control bypass - debian/patches/CVE-2019-0215.patch: restore SSL verify state after PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c. - CVE-2019-0215 * SECURITY UPDATE: mod_auth_digest access control bypass - debian/patches/CVE-2019-0217.patch: fix a race condition in modules/aaa/mod_auth_digest.c. - CVE-2019-0217 * SECURITY UPDATE: URL normalization inconsistincy - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in the path in include/http_core.h, include/httpd.h, server/core.c, server/request.c, server/util.c. - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety in server/request.c, server/util.c. - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in server/util.c. - CVE-2019-0220 [ Stefan Fritsch ] * Pull security fixes from 2.4.39 via Ubuntu * CVE-2019-0197: mod_http2: Fix possible crash on late upgrade -- Dimitri John Ledkov <email address hidden> Mon, 10 Jun 2019 19:17:38 +0100
Upload details
- Uploaded by:
- Dimitri John Ledkov
- Uploaded to:
- Eoan
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
apache2_2.4.38.orig.tar.gz | 8.8 MiB | 38d0b73aa313c28065bf58faf64cec12bf7c7d5196146107df2ad07541aa26a6 |
apache2_2.4.38.orig.tar.gz.asc | 488 bytes | 4931fdd5833dc79592edd351047b9f153e3bac4323157e3f5d733d276d2a4997 |
apache2_2.4.38-3ubuntu1.debian.tar.xz | 1012.8 KiB | 0798e9f56f670f972783b1a2d9545f48e2739733113d4d68681c6d68fca273ed |
apache2_2.4.38-3ubuntu1.dsc | 3.5 KiB | fa0ea1d5eca04b5a9f98d3aa4d2e3216dded73fcf0279c21579a7b962cca522d |
Available diffs
Binary packages built by this source
- apache2: No summary available for apache2 in ubuntu eoan.
No description available for apache2 in ubuntu eoan.
- apache2-bin: No summary available for apache2-bin in ubuntu eoan.
No description available for apache2-bin in ubuntu eoan.
- apache2-bin-dbgsym: No summary available for apache2-bin-dbgsym in ubuntu eoan.
No description available for apache2-bin-dbgsym in ubuntu eoan.
- apache2-data: No summary available for apache2-data in ubuntu eoan.
No description available for apache2-data in ubuntu eoan.
- apache2-dev: No summary available for apache2-dev in ubuntu eoan.
No description available for apache2-dev in ubuntu eoan.
- apache2-doc: No summary available for apache2-doc in ubuntu eoan.
No description available for apache2-doc in ubuntu eoan.
- apache2-ssl-dev: No summary available for apache2-ssl-dev in ubuntu eoan.
No description available for apache2-ssl-dev in ubuntu eoan.
- apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu eoan.
No description available for apache2-
suexec- custom in ubuntu eoan.
- apache2-suexec-custom-dbgsym: No summary available for apache2-suexec-custom-dbgsym in ubuntu eoan.
No description available for apache2-
suexec- custom- dbgsym in ubuntu eoan.
- apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu eoan.
No description available for apache2-
suexec- pristine in ubuntu eoan.
- apache2-suexec-pristine-dbgsym: No summary available for apache2-suexec-pristine-dbgsym in ubuntu eoan.
No description available for apache2-
suexec- pristine- dbgsym in ubuntu eoan.
- apache2-utils: No summary available for apache2-utils in ubuntu eoan.
No description available for apache2-utils in ubuntu eoan.
- apache2-utils-dbgsym: No summary available for apache2-utils-dbgsym in ubuntu eoan.
No description available for apache2-
utils-dbgsym in ubuntu eoan.
- libapache2-mod-md: No summary available for libapache2-mod-md in ubuntu eoan.
No description available for libapache2-mod-md in ubuntu eoan.
- libapache2-mod-proxy-uwsgi: No summary available for libapache2-mod-proxy-uwsgi in ubuntu eoan.
No description available for libapache2-
mod-proxy- uwsgi in ubuntu eoan.