Ubuntu
apache2 package

Activity log for bug #1875299

Date	Who	What changed	Old value	New value	Message
2020-04-27 07:38:32	Andrey	bug			added bug
2020-04-27 08:15:16	Andrey	summary	Apache's mod_repoteip: IP spoofing via X-Forwarded-For when mod_rewrite rule is triggered	Apache's mod_remoteip: IP spoofing via X-Forwarded-For when mod_rewrite rule is triggered
2020-04-27 08:15:52	Andrey	summary	Apache's mod_remoteip: IP spoofing via X-Forwarded-For when mod_rewrite rule is triggered	Apache's mod_remoteip: IP address spoofing via X-Forwarded-For when mod_rewrite rule is triggered
2020-04-28 00:40:00	Seth Arnold	information type	Private Security	Public Security
2020-04-28 00:40:01	Seth Arnold	bug			added subscriber Ubuntu Bugs
2020-04-30 01:26:14	Rafael David Tinoco	bug			added subscriber Ubuntu Security Team
2020-04-30 01:26:35	Rafael David Tinoco	bug			added subscriber Ubuntu Server
2020-05-27 14:42:36	Robie Basak	tags	amd64 apport-bug xenial	amd64 apport-bug server-next xenial
2020-05-27 14:44:12	Robie Basak	nominated for series		Ubuntu Xenial
2020-05-27 14:44:12	Robie Basak	bug task added		apache2 (Ubuntu Xenial)
2020-05-27 14:44:17	Robie Basak	apache2 (Ubuntu Xenial): status	New	Triaged
2020-05-28 11:22:45	Launchpad Janitor	apache2 (Ubuntu): status	New	Confirmed
2020-06-11 18:26:12	Marcus	attachment added		/etc/apache2/sites-enabled/apache-default.conf https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299/+attachment/5383082/+files/apache-default.conf
2020-06-11 18:26:50	Marcus	attachment added		/etc/nginx/sites-enabled/nginx-default https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299/+attachment/5383083/+files/nginx-default
2020-06-11 18:27:14	Marcus	attachment added		/var/www/html/index.php https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299/+attachment/5383084/+files/index.php
2020-06-11 18:48:03	Marcus	bug task added		apache2 (Debian)
2020-06-15 12:09:47	Christian Ehrhardt 	apache2 (Ubuntu): status	Confirmed	Fix Released
2020-06-15 12:31:50	Christian Ehrhardt 	apache2 (Ubuntu Xenial): status	Triaged	Incomplete
2020-06-15 13:40:00	Christian Ehrhardt 	description	There is a bug in mod_remoteip (a part of Apache Web Server): https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 Although the status of this bug is "NEW", actually it was fixed in Apache 2.4.24. Although a CVE id was not requested yet, actually it is a vulnerability. The fix was not backported to Ubuntu 16.04 (xenial). Impact: if a victim uses Apache rewrite rules, then an attacker can spoof his IP address for logs and PHP scripts. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apache2 2.4.18-2ubuntu3.14 ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8 Uname: Linux 4.4.0-22-generic x86_64 Apache2ConfdDirListing: False ApportVersion: 2.20.1-0ubuntu2.23 Architecture: amd64 Date: Mon Apr 27 13:17:43 2020 SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) error.log: modified.conffile..etc.apache2.apache2.conf: [modified] modified.conffile..etc.apache2.mods-available.dir.conf: [modified] modified.conffile..etc.apache2.mods-available.ssl.conf: [modified] modified.conffile..etc.apache2.ports.conf: [modified] modified.conffile..etc.apache2.sites-available.000-default.conf: [modified] modified.conffile..etc.apache2.sites-available.default-ssl.conf: [modified] mtime.conffile..etc.apache2.apache2.conf: 2020-04-23T15:45:48.416970 mtime.conffile..etc.apache2.mods-available.dir.conf: 2020-04-23T12:03:13.711062 mtime.conffile..etc.apache2.mods-available.ssl.conf: 2020-04-23T12:02:44.854484 mtime.conffile..etc.apache2.ports.conf: 2020-04-23T15:45:48.169037 mtime.conffile..etc.apache2.sites-available.000-default.conf: 2020-04-23T15:45:48.197030 mtime.conffile..etc.apache2.sites-available.default-ssl.conf: 2020-04-23T15:45:48.225022	[Impact] * remoteip/mod_rewrite and a proxy might allow faking the source URL * TBD - once the fix was analyzed [Test Case] $ apt install apache2 libapache2-mod-php define /etc/apache2/sites-enabled/000-default.conf as: <VirtualHost :8080> DocumentRoot /var/www/html <IfModule mod_remoteip.c> RemoteIPInternalProxy 127.0.0.1 RemoteIPHeader X-Forwarded-For </IfModule> <Directory /var/www/html> RewriteEngine On RewriteRule . index.php [L,QSA] </Directory> </VirtualHost> In File /etc/apache2/ports.conf change Listen 80 to Listen 8080 $ sudo a2enmod rewrite $ sudo a2enmod remoteip $ sudo a2enmod php7.0 $ systemctl restart apache2 $ apt install nginx define file /etc/nginx/sites-enabled/default as: server { listen 80 default_server; root /var/www/html; server_name _; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } $ systemctl restart nginx define file /var/www/html/index.php as: <?php echo $_SERVER['REMOTE_ADDR'] . "\n"; ?> $ curl http://localhost/index.php 127.0.0.1 $ curl http://localhost/seo-friendly-url 127.0.0.1 $ curl http://localhost/seo-friendly-url -H "X-Forwarded-For: 1.1.1.1" 1.1.1.1 Expected: - the last one should not be the fake 1.1.1.1 - if you do this from a remote host it should show the remote IP for all three. [Regression Potential] * TBD [Other Info] * one can debate if this is a security issue (crafting of wrong origin logs) or not but I'll leave that to other people. --- There is a bug in mod_remoteip (a part of Apache Web Server): https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 Although the status of this bug is "NEW", actually it was fixed in Apache 2.4.24. Although a CVE id was not requested yet, actually it is a vulnerability. The fix was not backported to Ubuntu 16.04 (xenial). Impact: if a victim uses Apache rewrite rules, then an attacker can spoof his IP address for logs and PHP scripts. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apache2 2.4.18-2ubuntu3.14 ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8 Uname: Linux 4.4.0-22-generic x86_64 Apache2ConfdDirListing: False ApportVersion: 2.20.1-0ubuntu2.23 Architecture: amd64 Date: Mon Apr 27 13:17:43 2020 SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) error.log: modified.conffile..etc.apache2.apache2.conf: [modified] modified.conffile..etc.apache2.mods-available.dir.conf: [modified] modified.conffile..etc.apache2.mods-available.ssl.conf: [modified] modified.conffile..etc.apache2.ports.conf: [modified] modified.conffile..etc.apache2.sites-available.000-default.conf: [modified] modified.conffile..etc.apache2.sites-available.default-ssl.conf: [modified] mtime.conffile..etc.apache2.apache2.conf: 2020-04-23T15:45:48.416970 mtime.conffile..etc.apache2.mods-available.dir.conf: 2020-04-23T12:03:13.711062 mtime.conffile..etc.apache2.mods-available.ssl.conf: 2020-04-23T12:02:44.854484 mtime.conffile..etc.apache2.ports.conf: 2020-04-23T15:45:48.169037 mtime.conffile..etc.apache2.sites-available.000-default.conf: 2020-04-23T15:45:48.197030 mtime.conffile..etc.apache2.sites-available.default-ssl.conf: 2020-04-23T15:45:48.225022
2020-06-15 14:27:33	Christian Ehrhardt 	description	[Impact] * remoteip/mod_rewrite and a proxy might allow faking the source URL * TBD - once the fix was analyzed [Test Case] $ apt install apache2 libapache2-mod-php define /etc/apache2/sites-enabled/000-default.conf as: <VirtualHost :8080> DocumentRoot /var/www/html <IfModule mod_remoteip.c> RemoteIPInternalProxy 127.0.0.1 RemoteIPHeader X-Forwarded-For </IfModule> <Directory /var/www/html> RewriteEngine On RewriteRule . index.php [L,QSA] </Directory> </VirtualHost> In File /etc/apache2/ports.conf change Listen 80 to Listen 8080 $ sudo a2enmod rewrite $ sudo a2enmod remoteip $ sudo a2enmod php7.0 $ systemctl restart apache2 $ apt install nginx define file /etc/nginx/sites-enabled/default as: server { listen 80 default_server; root /var/www/html; server_name _; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } $ systemctl restart nginx define file /var/www/html/index.php as: <?php echo $_SERVER['REMOTE_ADDR'] . "\n"; ?> $ curl http://localhost/index.php 127.0.0.1 $ curl http://localhost/seo-friendly-url 127.0.0.1 $ curl http://localhost/seo-friendly-url -H "X-Forwarded-For: 1.1.1.1" 1.1.1.1 Expected: - the last one should not be the fake 1.1.1.1 - if you do this from a remote host it should show the remote IP for all three. [Regression Potential] * TBD [Other Info] * one can debate if this is a security issue (crafting of wrong origin logs) or not but I'll leave that to other people. --- There is a bug in mod_remoteip (a part of Apache Web Server): https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 Although the status of this bug is "NEW", actually it was fixed in Apache 2.4.24. Although a CVE id was not requested yet, actually it is a vulnerability. The fix was not backported to Ubuntu 16.04 (xenial). Impact: if a victim uses Apache rewrite rules, then an attacker can spoof his IP address for logs and PHP scripts. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apache2 2.4.18-2ubuntu3.14 ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8 Uname: Linux 4.4.0-22-generic x86_64 Apache2ConfdDirListing: False ApportVersion: 2.20.1-0ubuntu2.23 Architecture: amd64 Date: Mon Apr 27 13:17:43 2020 SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) error.log: modified.conffile..etc.apache2.apache2.conf: [modified] modified.conffile..etc.apache2.mods-available.dir.conf: [modified] modified.conffile..etc.apache2.mods-available.ssl.conf: [modified] modified.conffile..etc.apache2.ports.conf: [modified] modified.conffile..etc.apache2.sites-available.000-default.conf: [modified] modified.conffile..etc.apache2.sites-available.default-ssl.conf: [modified] mtime.conffile..etc.apache2.apache2.conf: 2020-04-23T15:45:48.416970 mtime.conffile..etc.apache2.mods-available.dir.conf: 2020-04-23T12:03:13.711062 mtime.conffile..etc.apache2.mods-available.ssl.conf: 2020-04-23T12:02:44.854484 mtime.conffile..etc.apache2.ports.conf: 2020-04-23T15:45:48.169037 mtime.conffile..etc.apache2.sites-available.000-default.conf: 2020-04-23T15:45:48.197030 mtime.conffile..etc.apache2.sites-available.default-ssl.conf: 2020-04-23T15:45:48.225022	[Impact] * remoteip/mod_rewrite and a proxy might allow faking the source URL * Fix by backporting an upstream change added in 2.4.24 and later (was not changed since the fix). * The fix is small and only changes behavior in a very special case that formerly was broken (if there was a useragent_addr on re-processing). For other cases the behavior is unchanged. [Test Case] $ apt install apache2 libapache2-mod-php define /etc/apache2/sites-enabled/000-default.conf as: <VirtualHost :8080> DocumentRoot /var/www/html <IfModule mod_remoteip.c> RemoteIPInternalProxy 127.0.0.1 RemoteIPHeader X-Forwarded-For </IfModule> <Directory /var/www/html> RewriteEngine On RewriteRule . index.php [L,QSA] </Directory> </VirtualHost> In File /etc/apache2/ports.conf change Listen 80 to Listen 8080 $ sudo a2enmod rewrite $ sudo a2enmod remoteip $ sudo a2enmod php7.0 $ systemctl restart apache2 $ apt install nginx define file /etc/nginx/sites-enabled/default as: server { listen 80 default_server; root /var/www/html; server_name _; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } $ systemctl restart nginx define file /var/www/html/index.php as: <?php echo $_SERVER['REMOTE_ADDR'] . "\n"; ?> $ curl http://localhost/index.php 127.0.0.1 $ curl http://localhost/seo-friendly-url 127.0.0.1 $ curl http://localhost/seo-friendly-url -H "X-Forwarded-For: 1.1.1.1" 1.1.1.1 Expected: - the last one should not be the fake 1.1.1.1 - if you do this from a remote host it should show the remote IP for all three. [Regression Potential] * If remote_ip isn' enabled (the common case) the change should be a no- op. It only is important when using remote_ip and processing things twice e.g. on an error handler. There due to an issue it allowed to fake the RemoteIP. Fixing that should fix the issue, but not break other things - if anywhere then remoteIP handling would be the one expected to see regressions of any sort, but most likely only if people started to rely on the bad behavior. [Other Info] * one can debate if this is a security issue (crafting of wrong origin logs) or not but I'll leave that to other people. --- There is a bug in mod_remoteip (a part of Apache Web Server): https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 Although the status of this bug is "NEW", actually it was fixed in Apache 2.4.24. Although a CVE id was not requested yet, actually it is a vulnerability. The fix was not backported to Ubuntu 16.04 (xenial). Impact: if a victim uses Apache rewrite rules, then an attacker can spoof his IP address for logs and PHP scripts. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apache2 2.4.18-2ubuntu3.14 ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8 Uname: Linux 4.4.0-22-generic x86_64 Apache2ConfdDirListing: False ApportVersion: 2.20.1-0ubuntu2.23 Architecture: amd64 Date: Mon Apr 27 13:17:43 2020 SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) error.log: modified.conffile..etc.apache2.apache2.conf: [modified] modified.conffile..etc.apache2.mods-available.dir.conf: [modified] modified.conffile..etc.apache2.mods-available.ssl.conf: [modified] modified.conffile..etc.apache2.ports.conf: [modified] modified.conffile..etc.apache2.sites-available.000-default.conf: [modified] modified.conffile..etc.apache2.sites-available.default-ssl.conf: [modified] mtime.conffile..etc.apache2.apache2.conf: 2020-04-23T15:45:48.416970 mtime.conffile..etc.apache2.mods-available.dir.conf: 2020-04-23T12:03:13.711062 mtime.conffile..etc.apache2.mods-available.ssl.conf: 2020-04-23T12:02:44.854484 mtime.conffile..etc.apache2.ports.conf: 2020-04-23T15:45:48.169037 mtime.conffile..etc.apache2.sites-available.000-default.conf: 2020-04-23T15:45:48.197030 mtime.conffile..etc.apache2.sites-available.default-ssl.conf: 2020-04-23T15:45:48.225022
2020-06-15 14:31:49	Launchpad Janitor	merge proposal linked		https://code.launchpad.net/~paelzer/ubuntu/+source/apache2/+git/apache2/+merge/385748
2020-06-16 04:59:22	Christian Ehrhardt 	bug watch added		https://bz.apache.org/bugzilla/show_bug.cgi?id=60251
2020-06-16 08:34:35	Christian Ehrhardt 	description	[Impact] * remoteip/mod_rewrite and a proxy might allow faking the source URL * Fix by backporting an upstream change added in 2.4.24 and later (was not changed since the fix). * The fix is small and only changes behavior in a very special case that formerly was broken (if there was a useragent_addr on re-processing). For other cases the behavior is unchanged. [Test Case] $ apt install apache2 libapache2-mod-php define /etc/apache2/sites-enabled/000-default.conf as: <VirtualHost :8080> DocumentRoot /var/www/html <IfModule mod_remoteip.c> RemoteIPInternalProxy 127.0.0.1 RemoteIPHeader X-Forwarded-For </IfModule> <Directory /var/www/html> RewriteEngine On RewriteRule . index.php [L,QSA] </Directory> </VirtualHost> In File /etc/apache2/ports.conf change Listen 80 to Listen 8080 $ sudo a2enmod rewrite $ sudo a2enmod remoteip $ sudo a2enmod php7.0 $ systemctl restart apache2 $ apt install nginx define file /etc/nginx/sites-enabled/default as: server { listen 80 default_server; root /var/www/html; server_name _; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } $ systemctl restart nginx define file /var/www/html/index.php as: <?php echo $_SERVER['REMOTE_ADDR'] . "\n"; ?> $ curl http://localhost/index.php 127.0.0.1 $ curl http://localhost/seo-friendly-url 127.0.0.1 $ curl http://localhost/seo-friendly-url -H "X-Forwarded-For: 1.1.1.1" 1.1.1.1 Expected: - the last one should not be the fake 1.1.1.1 - if you do this from a remote host it should show the remote IP for all three. [Regression Potential] * If remote_ip isn' enabled (the common case) the change should be a no- op. It only is important when using remote_ip and processing things twice e.g. on an error handler. There due to an issue it allowed to fake the RemoteIP. Fixing that should fix the issue, but not break other things - if anywhere then remoteIP handling would be the one expected to see regressions of any sort, but most likely only if people started to rely on the bad behavior. [Other Info] * one can debate if this is a security issue (crafting of wrong origin logs) or not but I'll leave that to other people. --- There is a bug in mod_remoteip (a part of Apache Web Server): https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 Although the status of this bug is "NEW", actually it was fixed in Apache 2.4.24. Although a CVE id was not requested yet, actually it is a vulnerability. The fix was not backported to Ubuntu 16.04 (xenial). Impact: if a victim uses Apache rewrite rules, then an attacker can spoof his IP address for logs and PHP scripts. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apache2 2.4.18-2ubuntu3.14 ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8 Uname: Linux 4.4.0-22-generic x86_64 Apache2ConfdDirListing: False ApportVersion: 2.20.1-0ubuntu2.23 Architecture: amd64 Date: Mon Apr 27 13:17:43 2020 SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) error.log: modified.conffile..etc.apache2.apache2.conf: [modified] modified.conffile..etc.apache2.mods-available.dir.conf: [modified] modified.conffile..etc.apache2.mods-available.ssl.conf: [modified] modified.conffile..etc.apache2.ports.conf: [modified] modified.conffile..etc.apache2.sites-available.000-default.conf: [modified] modified.conffile..etc.apache2.sites-available.default-ssl.conf: [modified] mtime.conffile..etc.apache2.apache2.conf: 2020-04-23T15:45:48.416970 mtime.conffile..etc.apache2.mods-available.dir.conf: 2020-04-23T12:03:13.711062 mtime.conffile..etc.apache2.mods-available.ssl.conf: 2020-04-23T12:02:44.854484 mtime.conffile..etc.apache2.ports.conf: 2020-04-23T15:45:48.169037 mtime.conffile..etc.apache2.sites-available.000-default.conf: 2020-04-23T15:45:48.197030 mtime.conffile..etc.apache2.sites-available.default-ssl.conf: 2020-04-23T15:45:48.225022	[Impact] * remoteip/mod_rewrite and a proxy might allow faking the source URL * Fix by backporting an upstream change added in 2.4.24 and later (was not changed since the fix). * The fix is small and only changes behavior in a very special case that formerly was broken (if there was a useragent_addr on re-processing). For other cases the behavior is unchanged. [Test Case] $ apt install apache2 libapache2-mod-php define /etc/apache2/sites-enabled/000-default.conf as: <VirtualHost :8080> DocumentRoot /var/www/html <IfModule mod_remoteip.c> RemoteIPInternalProxy 127.0.0.1 RemoteIPHeader X-Forwarded-For </IfModule> <Directory /var/www/html> RewriteEngine On RewriteRule . index.php [L,QSA] </Directory> </VirtualHost> In File /etc/apache2/ports.conf change Listen 80 to Listen 8080 $ sudo a2enmod rewrite $ sudo a2enmod remoteip $ sudo a2enmod php7.0 $ systemctl restart apache2 $ apt install nginx define file /etc/nginx/sites-enabled/default as: server { listen 80 default_server; root /var/www/html; server_name _; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } $ systemctl restart nginx define file /var/www/html/index.php as: <?php echo $_SERVER['REMOTE_ADDR'] . "\n"; ?> You need to do the following from a second host in the same network, do not use "localhost" as there it can't differentiate the processing no matter if fixed or not. $ curl http://<IP>/index.php 127.0.0.1 $ curl http://<IP>/seo-friendly-url 127.0.0.1 $ curl http://<IP>/seo-friendly-url -H "X-Forwarded-For: 1.1.1.1" 1.1.1.1 Expected: - the last one should not be the fake 1.1.1.1 - if you do this from a remote host it should show the remote IP for all three. [Regression Potential] * If remote_ip isn' enabled (the common case) the change should be a no- op. It only is important when using remote_ip and processing things twice e.g. on an error handler. There due to an issue it allowed to fake the RemoteIP. Fixing that should fix the issue, but not break other things - if anywhere then remoteIP handling would be the one expected to see regressions of any sort, but most likely only if people started to rely on the bad behavior. [Other Info] * one can debate if this is a security issue (crafting of wrong origin logs) or not but I'll leave that to other people. --- There is a bug in mod_remoteip (a part of Apache Web Server): https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 Although the status of this bug is "NEW", actually it was fixed in Apache 2.4.24. Although a CVE id was not requested yet, actually it is a vulnerability. The fix was not backported to Ubuntu 16.04 (xenial). Impact: if a victim uses Apache rewrite rules, then an attacker can spoof his IP address for logs and PHP scripts. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apache2 2.4.18-2ubuntu3.14 ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8 Uname: Linux 4.4.0-22-generic x86_64 Apache2ConfdDirListing: False ApportVersion: 2.20.1-0ubuntu2.23 Architecture: amd64 Date: Mon Apr 27 13:17:43 2020 SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) error.log: modified.conffile..etc.apache2.apache2.conf: [modified] modified.conffile..etc.apache2.mods-available.dir.conf: [modified] modified.conffile..etc.apache2.mods-available.ssl.conf: [modified] modified.conffile..etc.apache2.ports.conf: [modified] modified.conffile..etc.apache2.sites-available.000-default.conf: [modified] modified.conffile..etc.apache2.sites-available.default-ssl.conf: [modified] mtime.conffile..etc.apache2.apache2.conf: 2020-04-23T15:45:48.416970 mtime.conffile..etc.apache2.mods-available.dir.conf: 2020-04-23T12:03:13.711062 mtime.conffile..etc.apache2.mods-available.ssl.conf: 2020-04-23T12:02:44.854484 mtime.conffile..etc.apache2.ports.conf: 2020-04-23T15:45:48.169037 mtime.conffile..etc.apache2.sites-available.000-default.conf: 2020-04-23T15:45:48.197030 mtime.conffile..etc.apache2.sites-available.default-ssl.conf: 2020-04-23T15:45:48.225022
2020-06-24 14:57:39	Robie Basak	apache2 (Ubuntu Xenial): status	Incomplete	Fix Committed
2020-06-24 14:57:41	Robie Basak	bug			added subscriber Ubuntu Stable Release Updates Team
2020-06-24 14:57:43	Robie Basak	bug			added subscriber SRU Verification
2020-06-24 14:57:46	Robie Basak	tags	amd64 apport-bug server-next xenial	amd64 apport-bug server-next verification-needed verification-needed-xenial xenial
2020-06-25 05:16:08	Christian Ehrhardt 	tags	amd64 apport-bug server-next verification-needed verification-needed-xenial xenial	amd64 apport-bug server-next verification-done verification-done-xenial xenial
2020-07-07 21:53:41	Launchpad Janitor	apache2 (Ubuntu Xenial): status	Fix Committed	Fix Released
2020-07-07 21:53:45	Brian Murray	removed subscriber Ubuntu Stable Release Updates Team

Ubuntuapache2 package

Activity log for bug #1875299

Ubuntu
apache2 package