Format: 1.8
Date: Wed, 18 Apr 2018 10:20:05 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: armhf
Version: 2.4.27-2ubuntu4.1
Distribution: artful
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-021.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.27-2ubuntu4.1) artful-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
     - debian/patches/CVE-2017-15710.patch: fix language long names
       detection as short name in modules/aaa/mod_authnz_ldap.c.
     - CVE-2017-15710
   * SECURITY UPDATE: incorrect <FilesMatch> matching
     - debian/patches/CVE-2017-15715.patch: allow to configure
       global/default options for regexes, like caseless matching or
       extended format in include/ap_regex.h, server/core.c,
       server/util_pcre.c.
     - CVE-2017-15715
   * SECURITY UPDATE: mod_session header manipulation
     - debian/patches/CVE-2018-1283.patch: strip Session header when
       SessionEnv is on in modules/session/mod_session.c.
     - CVE-2018-1283
   * SECURITY UPDATE: DoS via specially-crafted request
     - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
       terminated on any error, not only on buffer full in
       server/protocol.c.
     - CVE-2018-1301
   * SECURITY UPDATE: mod_cache_socache DoS
     - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
       to carriage return in modules/cache/mod_cache_socache.c.
     - CVE-2018-1303
   * SECURITY UPDATE: insecure nonce generation
     - debian/patches/CVE-2018-1312.patch: actually use the secret when
       generating nonces in modules/aaa/mod_auth_digest.c.
     - CVE-2018-1312
Checksums-Sha1:
 5245e97aeb459c3cb26f85171fed4c390018d22e 845006 apache2-bin_2.4.27-2ubuntu4.1_armhf.deb
 b7df3d2d77424379724809ca45cc0e546ce69616 3590722 apache2-dbg_2.4.27-2ubuntu4.1_armhf.deb
 a63af7c24b845c4b490ec351205a3c3038e1e91d 176084 apache2-dev_2.4.27-2ubuntu4.1_armhf.deb
 1bc0f9e6f0c48c3435aa9c955aeab062bfa60c15 2300 apache2-ssl-dev_2.4.27-2ubuntu4.1_armhf.deb
 e1065b08eaaa8f43d2f50bb010f4f573cf525635 14490 apache2-suexec-custom_2.4.27-2ubuntu4.1_armhf.deb
 f9223149306df11bc2c76a87408fc615dc1d3b86 13038 apache2-suexec-pristine_2.4.27-2ubuntu4.1_armhf.deb
 6f06831448edbd002a1924d52487c1eb7811c150 83046 apache2-utils_2.4.27-2ubuntu4.1_armhf.deb
 98857168caba2df7499d0c4aa5926086c6b81032 8913 apache2_2.4.27-2ubuntu4.1_armhf.buildinfo
 32848b31f7f8a2d78a9c197e5d0aafe2a3932b44 95850 apache2_2.4.27-2ubuntu4.1_armhf.deb
Checksums-Sha256:
 d99ce8f7109d55486b70182a74a65312bde6bfa389854c53371c7d11b0975821 845006 apache2-bin_2.4.27-2ubuntu4.1_armhf.deb
 7cb132c6946fde8280b0a83f37ed863782e201cbcd80c6ba9cebb8de517c85b7 3590722 apache2-dbg_2.4.27-2ubuntu4.1_armhf.deb
 b11cf0d6bf077e7eac3929c8ef2f8a22cfc36c6e6046be396684741de7bc5103 176084 apache2-dev_2.4.27-2ubuntu4.1_armhf.deb
 0ddc9d5c4dc5b83e9a376ec6b1449573e2c930de2c74f5faf36a3e8bc6b66405 2300 apache2-ssl-dev_2.4.27-2ubuntu4.1_armhf.deb
 82af18947b550cb41c03d13b72b24b145a1014c687d7cc8acd37576c3f57977a 14490 apache2-suexec-custom_2.4.27-2ubuntu4.1_armhf.deb
 e3eac66a5cabdb25fad7b398f1c454779a5ef3915f6a8a66f1c3ff7fb8d4584a 13038 apache2-suexec-pristine_2.4.27-2ubuntu4.1_armhf.deb
 7b48bb3f84c60e314be15e71aadc1973129da1875b7803f12da31e80a908313e 83046 apache2-utils_2.4.27-2ubuntu4.1_armhf.deb
 16332e0a4cef64521755d51c85857886480b94fdb3a24fd4c3d4634ce2c7dbf0 8913 apache2_2.4.27-2ubuntu4.1_armhf.buildinfo
 2179fe198f293946ed5e021abd17ce6ae7d35442c0dec180d9f594b5481332af 95850 apache2_2.4.27-2ubuntu4.1_armhf.deb
Files:
 ff5b734a1f0592fb60d3131a465856ca 845006 httpd optional apache2-bin_2.4.27-2ubuntu4.1_armhf.deb
 66dba9c264fa68a37299f9582eff76c7 3590722 debug extra apache2-dbg_2.4.27-2ubuntu4.1_armhf.deb
 77404f75cde325429691c9287e85bb5c 176084 httpd optional apache2-dev_2.4.27-2ubuntu4.1_armhf.deb
 0ceb6558d8dc0c67bf2b5482dec9a771 2300 httpd optional apache2-ssl-dev_2.4.27-2ubuntu4.1_armhf.deb
 917623847372d3a738c87adaa36a4b2c 14490 httpd extra apache2-suexec-custom_2.4.27-2ubuntu4.1_armhf.deb
 b93d6949cc1419e7cdab9e997fd5f12a 13038 httpd optional apache2-suexec-pristine_2.4.27-2ubuntu4.1_armhf.deb
 2d2ec2bf47cab2c5feae5b252fe8e82f 83046 httpd optional apache2-utils_2.4.27-2ubuntu4.1_armhf.deb
 116b7d9d60d32de193c8ec244ab39c39 8913 httpd optional apache2_2.4.27-2ubuntu4.1_armhf.buildinfo
 b19fc70ac2590e1fb624df800ccdcff7 95850 httpd optional apache2_2.4.27-2ubuntu4.1_armhf.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>