Format: 1.8
Date: Wed, 18 Apr 2018 10:20:05 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: amd64 all
Version: 2.4.27-2ubuntu4.1
Distribution: artful
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-009.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.27-2ubuntu4.1) artful-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
     - debian/patches/CVE-2017-15710.patch: fix language long names
       detection as short name in modules/aaa/mod_authnz_ldap.c.
     - CVE-2017-15710
   * SECURITY UPDATE: incorrect <FilesMatch> matching
     - debian/patches/CVE-2017-15715.patch: allow to configure
       global/default options for regexes, like caseless matching or
       extended format in include/ap_regex.h, server/core.c,
       server/util_pcre.c.
     - CVE-2017-15715
   * SECURITY UPDATE: mod_session header manipulation
     - debian/patches/CVE-2018-1283.patch: strip Session header when
       SessionEnv is on in modules/session/mod_session.c.
     - CVE-2018-1283
   * SECURITY UPDATE: DoS via specially-crafted request
     - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
       terminated on any error, not only on buffer full in
       server/protocol.c.
     - CVE-2018-1301
   * SECURITY UPDATE: mod_cache_socache DoS
     - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
       to carriage return in modules/cache/mod_cache_socache.c.
     - CVE-2018-1303
   * SECURITY UPDATE: insecure nonce generation
     - debian/patches/CVE-2018-1312.patch: actually use the secret when
       generating nonces in modules/aaa/mod_auth_digest.c.
     - CVE-2018-1312
Checksums-Sha1:
 370d2ff55d1e1f63c8a346f03d1f0ad9a35a574f 968714 apache2-bin_2.4.27-2ubuntu4.1_amd64.deb
 adfb7266ef84bf9be873f9da278c82e61787baa3 160832 apache2-data_2.4.27-2ubuntu4.1_all.deb
 75ef975f3fb25c8683d28dad45eadd4c3a2a7623 3621584 apache2-dbg_2.4.27-2ubuntu4.1_amd64.deb
 cdc005029ee6e6786ca71c67d00aaef5eb3a7eb2 176060 apache2-dev_2.4.27-2ubuntu4.1_amd64.deb
 65ad20c0976b555ff4dcc3001c75bb3906c4d728 3679470 apache2-doc_2.4.27-2ubuntu4.1_all.deb
 73bc86fa0816dad22594f167dbe4a0e7eb68e209 2300 apache2-ssl-dev_2.4.27-2ubuntu4.1_amd64.deb
 b958ac46699b41df9907d38fbc0c8a2479b7cd96 15296 apache2-suexec-custom_2.4.27-2ubuntu4.1_amd64.deb
 63052988f5eba1e183a9bef13b65c74a62be422f 13790 apache2-suexec-pristine_2.4.27-2ubuntu4.1_amd64.deb
 f6fd3dace10a3fca74a8e650f0c7b78b89f3d4ba 82832 apache2-utils_2.4.27-2ubuntu4.1_amd64.deb
 0a85d33065f00b4bcdd686a8e8f8e7b5c387be49 9636 apache2_2.4.27-2ubuntu4.1_amd64.buildinfo
 51cefadf8ccf9fdfec17bbb3200f9f4a0471c8b1 95850 apache2_2.4.27-2ubuntu4.1_amd64.deb
Checksums-Sha256:
 a691eebf738867ba2009a41fe62354996ca287f7080ce5c5e4e4e3bb7d32c051 968714 apache2-bin_2.4.27-2ubuntu4.1_amd64.deb
 8cb2a0eac67803dc7a4cb74e652f9cd8561c078bd66e5250c68dfc85f23717e7 160832 apache2-data_2.4.27-2ubuntu4.1_all.deb
 8c36e5d5fb6d7191c708d9432bcf24d392f25650b8e99d3abb4c83baacb6e668 3621584 apache2-dbg_2.4.27-2ubuntu4.1_amd64.deb
 626d11afb325342e057b3cec2790a9943921e731de8aa7678f55abdb01c9ca4e 176060 apache2-dev_2.4.27-2ubuntu4.1_amd64.deb
 12e0007d360f37b3d99f7ddc7d70803ef967c019a0fda672d4ea874a41d1cabb 3679470 apache2-doc_2.4.27-2ubuntu4.1_all.deb
 591f2712c79dfa789047965956ff545cbf02bc0ac34293f306961f3243c55c90 2300 apache2-ssl-dev_2.4.27-2ubuntu4.1_amd64.deb
 dfa4be48316f993d16612e06ee9e734d0090637b73f9d1fa72813e7238c3cbde 15296 apache2-suexec-custom_2.4.27-2ubuntu4.1_amd64.deb
 b90ac08b502e866a2ee78b5d8dda39bbcbbf65464d05831b348f1621903c9605 13790 apache2-suexec-pristine_2.4.27-2ubuntu4.1_amd64.deb
 8cd90364f73da47a7603de470aa598e68b1776849fc53c69bb1ca1f4c26592dd 82832 apache2-utils_2.4.27-2ubuntu4.1_amd64.deb
 ba363b15dcd115e6b02b5303f787ac453429eb154815e8363b994b7bc2af99da 9636 apache2_2.4.27-2ubuntu4.1_amd64.buildinfo
 9670c83f2bc22c3f61747e52a171dd64441e82e5491abafdc77a4779856847cd 95850 apache2_2.4.27-2ubuntu4.1_amd64.deb
Files:
 a6a611d4218c35e9baf2fe68d5c2d2b5 968714 httpd optional apache2-bin_2.4.27-2ubuntu4.1_amd64.deb
 8d482734e9b0939d8626115bfdc3a55f 160832 httpd optional apache2-data_2.4.27-2ubuntu4.1_all.deb
 a22f50b757eb5ab17f9fbb72e9b95b8c 3621584 debug extra apache2-dbg_2.4.27-2ubuntu4.1_amd64.deb
 e870cb2ed6cb4d002402014d4e27ecaa 176060 httpd optional apache2-dev_2.4.27-2ubuntu4.1_amd64.deb
 bf83e9c941bda0fd5b0ba0cdd830b0b8 3679470 doc optional apache2-doc_2.4.27-2ubuntu4.1_all.deb
 b42293b36fe24fcd8f77cd63025638f5 2300 httpd optional apache2-ssl-dev_2.4.27-2ubuntu4.1_amd64.deb
 e9fad3046a9974bc6de45874fbfadeec 15296 httpd extra apache2-suexec-custom_2.4.27-2ubuntu4.1_amd64.deb
 429407e09d5c2feaccd8f52f8b5282e5 13790 httpd optional apache2-suexec-pristine_2.4.27-2ubuntu4.1_amd64.deb
 07341d38d02e72afecedd88dfe0f9de9 82832 httpd optional apache2-utils_2.4.27-2ubuntu4.1_amd64.deb
 57b0ae43a8626769b84f2275a3c75c90 9636 httpd optional apache2_2.4.27-2ubuntu4.1_amd64.buildinfo
 3561c19a8d258c25a8bb96132ca450c9 95850 httpd optional apache2_2.4.27-2ubuntu4.1_amd64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>