Format: 1.8
Date: Wed, 25 Apr 2018 07:38:24 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: amd64 all
Version: 2.4.29-1ubuntu4.1
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-055.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.29-1ubuntu4.1) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
     - debian/patches/CVE-2017-15710.patch: fix language long names
       detection as short name in modules/aaa/mod_authnz_ldap.c.
     - CVE-2017-15710
   * SECURITY UPDATE: incorrect <FilesMatch> matching
     - debian/patches/CVE-2017-15715.patch: allow to configure
       global/default options for regexes, like caseless matching or
       extended format in include/ap_regex.h, server/core.c,
       server/util_pcre.c.
     - CVE-2017-15715
   * SECURITY UPDATE: mod_session header manipulation
     - debian/patches/CVE-2018-1283.patch: strip Session header when
       SessionEnv is on in modules/session/mod_session.c.
     - CVE-2018-1283
   * SECURITY UPDATE: DoS via specially-crafted request
     - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
       terminated on any error, not only on buffer full in
       server/protocol.c.
     - CVE-2018-1301
   * SECURITY UPDATE: mod_cache_socache DoS
     - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
       to carriage return in modules/cache/mod_cache_socache.c.
     - CVE-2018-1303
   * SECURITY UPDATE: insecure nonce generation
     - debian/patches/CVE-2018-1312.patch: actually use the secret when
       generating nonces in modules/aaa/mod_auth_digest.c.
     - CVE-2018-1312
Checksums-Sha1:
 83fb9e1a89c8c57a8b59c749885d2d1028187d0a 1071568 apache2-bin_2.4.29-1ubuntu4.1_amd64.deb
 d07233429005173f70cca4549f9f3c183413be85 160148 apache2-data_2.4.29-1ubuntu4.1_all.deb
 498efc4db60a73aa42e7da0a9500864a6d328304 3963336 apache2-dbg_2.4.29-1ubuntu4.1_amd64.deb
 0436481aa6484b61b65a473da584a82e7008343d 176856 apache2-dev_2.4.29-1ubuntu4.1_amd64.deb
 7372a0e442ee876b2088fde2b645b59c3c4623be 3696920 apache2-doc_2.4.29-1ubuntu4.1_all.deb
 813fae1cae330026c146a6b07d396fffd202d013 2396 apache2-ssl-dev_2.4.29-1ubuntu4.1_amd64.deb
 1bedbf840354ccc04717a87f1de6b9f1110885fc 15368 apache2-suexec-custom_2.4.29-1ubuntu4.1_amd64.deb
 cdbd6f34eba34251a4e73dfad5e0d27d58e4d362 13860 apache2-suexec-pristine_2.4.29-1ubuntu4.1_amd64.deb
 2d58d58c71615f7fc9d2d4137cf3edf6d74faeb7 83516 apache2-utils_2.4.29-1ubuntu4.1_amd64.deb
 fa2d034292b25931726df101f600ac1757281f65 10312 apache2_2.4.29-1ubuntu4.1_amd64.buildinfo
 70d954b01647ecc3c83e5476737acc6d2440cbce 95116 apache2_2.4.29-1ubuntu4.1_amd64.deb
Checksums-Sha256:
 983396dc40f60e3dd5fcd9e2b0d861a6fd7045e427308b6abe78b0f04bdfef73 1071568 apache2-bin_2.4.29-1ubuntu4.1_amd64.deb
 b497b3759325701719870e7eae17058ebc304f251edbf00d5acc3f8ec5424077 160148 apache2-data_2.4.29-1ubuntu4.1_all.deb
 92686c2125d16c60ff9d59104582c492a43a9c59d5e2037ab0861851e69f89ee 3963336 apache2-dbg_2.4.29-1ubuntu4.1_amd64.deb
 3dc3640bc5442bcc530505843cf416c550825c881b553e590978e2786dd0b7f9 176856 apache2-dev_2.4.29-1ubuntu4.1_amd64.deb
 876ef7b19f321f378d6ffcad6ba15dcc720c01e0d1330923f4d7654f015d2433 3696920 apache2-doc_2.4.29-1ubuntu4.1_all.deb
 de8bde0f476e460a0f4587a489a4abcee28952337da550e94841e34ba71fa28b 2396 apache2-ssl-dev_2.4.29-1ubuntu4.1_amd64.deb
 e2d4f40f4a0fd0b3416254697988ab1b42b6d1fa784bedaa46ee457fcedcb9e7 15368 apache2-suexec-custom_2.4.29-1ubuntu4.1_amd64.deb
 3bbfc3058384f9b943e7b210211e5fc2f7774df0ad3e36428204b9e771e476f8 13860 apache2-suexec-pristine_2.4.29-1ubuntu4.1_amd64.deb
 395794286e98d13c313e02ba0a2171ed578d2a8125c21d8b22448b5ff2a3f7e4 83516 apache2-utils_2.4.29-1ubuntu4.1_amd64.deb
 cc6386f25f175eff3c661ae0c502b31ba7a01be3564fe9b46d048b20b615e47e 10312 apache2_2.4.29-1ubuntu4.1_amd64.buildinfo
 ea769061ab588dea2bd926cf2c7eca50e30f8aa32b77bc76f6291d114152a831 95116 apache2_2.4.29-1ubuntu4.1_amd64.deb
Files:
 c44d888628f7e53ba9d5af3942debdd7 1071568 httpd optional apache2-bin_2.4.29-1ubuntu4.1_amd64.deb
 18c491c145be0b7e1f9d3611b2769059 160148 httpd optional apache2-data_2.4.29-1ubuntu4.1_all.deb
 7c2e4541366380b596dbf50118850723 3963336 debug optional apache2-dbg_2.4.29-1ubuntu4.1_amd64.deb
 4aa543f155344690459745153adcea21 176856 httpd optional apache2-dev_2.4.29-1ubuntu4.1_amd64.deb
 4180f30904fca94ee6780da159a1ece9 3696920 doc optional apache2-doc_2.4.29-1ubuntu4.1_all.deb
 e80d492fa0eba89e0eb20a1695a87ef2 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.1_amd64.deb
 cc1ce98eced84a24142d3ece0423a641 15368 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.1_amd64.deb
 818e6f607062f28f53e592c64cd6949b 13860 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.1_amd64.deb
 5280b7c2c097010d94be877701b2e4ed 83516 httpd optional apache2-utils_2.4.29-1ubuntu4.1_amd64.deb
 8d29500e42fe0f8465fb5001c3c88686 10312 httpd optional apache2_2.4.29-1ubuntu4.1_amd64.buildinfo
 e03a64d43523ec047e20f81b15e1769f 95116 httpd optional apache2_2.4.29-1ubuntu4.1_amd64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>