Format: 1.8
Date: Mon, 26 Aug 2019 06:31:40 -0700
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: arm64
Version: 2.4.38-2ubuntu2.2
Distribution: disco
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-048.buildd>
Changed-By: Steve Beattie <sbeattie@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Launchpad-Bugs-Fixed: 1840188
Changes:
 apache2 (2.4.38-2ubuntu2.2) disco-security; urgency=medium
 .
   * SECURITY UPDATE: HTTP/2 internal data buffering denial of service.
     - d/p/mod_http2-1.15.4-backport-0004-CVE-2019-9517.patch: improve
       http/2 module keepalive throttling.
     - CVE-2019-9517
   * SECURITY UPDATE: Upgrade request from http/1.1 to http/2 crash
     denial of service (LP: #1840188)
     - d/p/mod_http2-1.14.1-backport-0001-Merge-r1852038-r1852101-from-trunk-CVE-2019-0197.patch:
       re-use slave connections and fix slave connection keepalives
       counter.
     - CVE-2019-0197
   * SECURITY UPDATE: mod_http2 memory corruption on early pushes
     - included in mod_http2 1.15.4 backport
     - CVE-2019-10081
   * SECURITY UPDATE: read-after-free in mod_http2 h2 connection
     shutdown.
     - included in mod_http2 1.15.4 backport
     - CVE-2019-10082
   * SECURITY UPDATE: mod_remoteip: Stack buffer overflow and NULL
     pointer dereference.
     - d/p/CVE-2019-10097.patch: add better sanity checks.
     - CVE-2019-10097
   * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
     error page.
     - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
       error documents.
     - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
     - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
       protection.
     - CVE-2019-10092-1
   * SECURITY UPDATE: mod_rewrite potential open redirect
     - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
     - CVE-2019-10098
   * Backport mod_http2 v1.14.1 and v1.15.4 for CVE-2019-9517,
     CVE-2019-10081, and CVE-2019-10082 fixes:
     - add d/p/mod_http2-1.14.1-backport-*.patches and
       d/p/mod_http2-1.15.4-backport-*.patches
Checksums-Sha1:
 cb044e872c0ec8e5ef69ff28f887c12dee290fef 4727076 apache2-bin-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 7bbdb5c151498b28daab76fa2e46ad95540a6179 1056668 apache2-bin_2.4.38-2ubuntu2.2_arm64.deb
 8ccb69a623ece9e2de55e722615c560e855524ec 179844 apache2-dev_2.4.38-2ubuntu2.2_arm64.deb
 ce8f34f394129661de9088e65abee0eec320615a 2400 apache2-ssl-dev_2.4.38-2ubuntu2.2_arm64.deb
 46ded9b7b620ff8071a6be291769f13730b3e0c1 13080 apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 08fbb6ad649f7ff9c75438e4d9eb33ba2c9a2fed 15304 apache2-suexec-custom_2.4.38-2ubuntu2.2_arm64.deb
 ba877b1199453e55b82f326260c255b1a656514e 11924 apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 cf8f1a2ea451fc9b72566ac0799b7319383a65b2 13804 apache2-suexec-pristine_2.4.38-2ubuntu2.2_arm64.deb
 cde903bda42e42d36238d6c0ee3e43ca80253b33 140604 apache2-utils-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 ee1da7e6761bc9733b85e777ddad25e89c4b8134 84684 apache2-utils_2.4.38-2ubuntu2.2_arm64.deb
 abb506e031eb479ad2b7aec4f2abd6981eeb3a7b 11111 apache2_2.4.38-2ubuntu2.2_arm64.buildinfo
 d7e72727ea2e7bc2048a5733bf54036e545438ab 95464 apache2_2.4.38-2ubuntu2.2_arm64.deb
 d353af7ab6d73f030c0823fb3de52a0b69d5eea6 992 libapache2-mod-md_2.4.38-2ubuntu2.2_arm64.deb
 5eb5213efce448b8d82b7c9aa6427101df9eb562 1176 libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2.2_arm64.deb
Checksums-Sha256:
 50dd35e76917ff6b0c5a5fe87a8bb6ef99eba836f9c90a7ec3094ba1c3148361 4727076 apache2-bin-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 c5e728d1127e47b0d18967f216dc45631707c603dfdf4f15a85df721f2c81366 1056668 apache2-bin_2.4.38-2ubuntu2.2_arm64.deb
 8e4e5f9c47d348218ccbc28bdc264fbd04a78bfa477f595e03e6ee1438b02f4a 179844 apache2-dev_2.4.38-2ubuntu2.2_arm64.deb
 e0a2cc8ed4d503a447ae1e89f4e3cc6f25dcd34e7b41ee8d297654681a915abb 2400 apache2-ssl-dev_2.4.38-2ubuntu2.2_arm64.deb
 002962506806e9ef2f95da2f5e7a614da6e50318c8850e2a7c0c38c997bb0b9f 13080 apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 cdeff7d7c87fab993b901e34724c409df633c22f853b9e4d68fff68e5944766f 15304 apache2-suexec-custom_2.4.38-2ubuntu2.2_arm64.deb
 6104c952b3c3bbc3f0e885fce91d38a80d395dfaad0b178ca98342aa1555fde4 11924 apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 19845618cd1feba405fce8b3027176bad75668151708dc8ebc5a908302f465e6 13804 apache2-suexec-pristine_2.4.38-2ubuntu2.2_arm64.deb
 2908ade676b4a311e2d751a0ab84a0ee2ae7939a80a32af1ab07b1169a8ca81a 140604 apache2-utils-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 077eded2a4da4eec731635c7e736315fc49f0d60e0959f1bd475a8e519f63d1c 84684 apache2-utils_2.4.38-2ubuntu2.2_arm64.deb
 e41d1e049ac3d99cf15aeed400f0b64b2b1af532fad8a1fc950aeab14e5a899d 11111 apache2_2.4.38-2ubuntu2.2_arm64.buildinfo
 fd39f2c935163f4fb8bbb6ee80593a74098de4fd50ec4ca8d9273f6dc5b41bbe 95464 apache2_2.4.38-2ubuntu2.2_arm64.deb
 9ece6a5bda27dc882271186b7a92bf261ca5b57080d8c5e002a35b79c7e742cc 992 libapache2-mod-md_2.4.38-2ubuntu2.2_arm64.deb
 21190c480883c356393840ded55a5f419123346c130f85be3a8181fb7e4848e0 1176 libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2.2_arm64.deb
Files:
 795ea0563ea6d5cf75ee84bc999710c2 4727076 debug optional apache2-bin-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 4419520bc9f45560bea01de1080137c7 1056668 httpd optional apache2-bin_2.4.38-2ubuntu2.2_arm64.deb
 bb4ed88444dbb5f8582bff2210b14127 179844 httpd optional apache2-dev_2.4.38-2ubuntu2.2_arm64.deb
 d5c26a54f4065f57d1d8133405d00b9d 2400 httpd optional apache2-ssl-dev_2.4.38-2ubuntu2.2_arm64.deb
 716f563650740d5eb2b7bbb41ea96a48 13080 debug optional apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 3c2049a642ab164d2c621013c43fda58 15304 httpd optional apache2-suexec-custom_2.4.38-2ubuntu2.2_arm64.deb
 e2cc2232a8bc623fe3b89675e7d3531a 11924 debug optional apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 baf1540bd3244ce0a22816a8a0f8004b 13804 httpd optional apache2-suexec-pristine_2.4.38-2ubuntu2.2_arm64.deb
 b45cd46984c84843caf34f33434adefb 140604 debug optional apache2-utils-dbgsym_2.4.38-2ubuntu2.2_arm64.ddeb
 3090fb9ef52035de2c2cdd871f883c11 84684 httpd optional apache2-utils_2.4.38-2ubuntu2.2_arm64.deb
 788509c93edfc3bb91fee13bf522e7d2 11111 httpd optional apache2_2.4.38-2ubuntu2.2_arm64.buildinfo
 9aa7203224a968785312a7c44775ce75 95464 httpd optional apache2_2.4.38-2ubuntu2.2_arm64.deb
 84a03d995126c14c508a718f18a03830 992 oldlibs optional libapache2-mod-md_2.4.38-2ubuntu2.2_arm64.deb
 6b4ef5115cc230d917ee8628b016b34e 1176 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2.2_arm64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>