Format: 1.8
Date: Wed, 12 Aug 2020 15:46:17 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: arm64
Version: 2.4.41-4ubuntu3.1
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-063.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.41-4ubuntu3.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: mod_rewrite redirect issue
     - debian/patches/CVE-2020-1927-1.patch: factor out default regex flags
       in include/ap_regex.h, server/core.c, server/util_pcre.c.
     - debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow
       opt-out of pcre defaults in include/ap_regex.h,
       modules/filters/mod_substitute.c, server/util_pcre.c,
       server/util_regex.c.
     - CVE-2020-1927
   * SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue
     - debian/patches/CVE-2020-1934.patch: trap bad FTP responses in
       modules/proxy/mod_proxy_ftp.c.
     - CVE-2020-1934
   * SECURITY UPDATE: DoS via invalid Cache-Digest header
     - debian/patches/CVE-2020-9490.patch: remove support for abandoned
       http-wg draft in modules/http2/h2_push.c, modules/http2/h2_push.h.
     - CVE-2020-9490
   * SECURITY UPDATE: mod_proxy_uwsgi info disclosure and possible RCE
     - debian/patches/CVE-2020-11984.patch: error out on HTTP header larger
       than 16K in modules/proxy/mod_proxy_uwsgi.c.
     - CVE-2020-11984
   * SECURITY UPDATE: concurrent use of memory pools in HTTP/2 module
     - debian/patches/CVE-2020-11993-pre1.patch: fixed rare cases where a h2
       worker could deadlock the main connection in modules/http2/*.
     - debian/patches/CVE-2020-11993.patch: fix logging and rename
       terminology in modules/http2/*.
     - CVE-2020-11993
Checksums-Sha1:
 9cb7ef1e9b6fcfd1ac0711ec22294bfe1f24113d 4829660 apache2-bin-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 6082a28644eb8722bae8e2d7f06bebd52195c2d0 1072924 apache2-bin_2.4.41-4ubuntu3.1_arm64.deb
 3d36dafcd0202906f6eeab22e2c065f41926d8df 178648 apache2-dev_2.4.41-4ubuntu3.1_arm64.deb
 e10de1c364209228cc2a22cdd5962027f2bd5c76 3156 apache2-ssl-dev_2.4.41-4ubuntu3.1_arm64.deb
 094d46b4cf5311293a3c43c3578c23de3eb7e8e2 12992 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 4155bfd0dbe79cc6959b49ee47f088ede84de14b 15196 apache2-suexec-custom_2.4.41-4ubuntu3.1_arm64.deb
 058605828c97dc0c5732b679ce3a21bba688cb09 11828 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 3d7e7cabff2148c3a0174443f395df247fb73f8b 13744 apache2-suexec-pristine_2.4.41-4ubuntu3.1_arm64.deb
 d7f122767ed01ee3b646fc96e15c9392f6aa9c05 140956 apache2-utils-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 4dc6d843f933d6e1bdce770c3a1aa44008bbe44c 80784 apache2-utils_2.4.41-4ubuntu3.1_arm64.deb
 ef30c88c63b70b62509e42895676c1c0863b496f 11565 apache2_2.4.41-4ubuntu3.1_arm64.buildinfo
 314b039c83dd276aefc3aca396fb9b86148ba6a6 95516 apache2_2.4.41-4ubuntu3.1_arm64.deb
 7412bff53dc7b420c6edf1484f869b63be086f57 988 libapache2-mod-md_2.4.41-4ubuntu3.1_arm64.deb
 01694c8b698d9c87416be0b514626b2f0fe59af5 1180 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.1_arm64.deb
Checksums-Sha256:
 a78f9eae35d1657c9c30f0d7445e17e55afb0c4badc81791511257ddadf397f7 4829660 apache2-bin-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 0f0bc18caedd92005694f577a62a736f10589abab5c32e865a9b28f57cb24629 1072924 apache2-bin_2.4.41-4ubuntu3.1_arm64.deb
 474c6586352192051d077c6bc40c1decaaae38f03c3e5e625677ffe14f97ee0e 178648 apache2-dev_2.4.41-4ubuntu3.1_arm64.deb
 bbb289c3a8c758ad62e49f54f8b122b910a02542feca9d24ac32279a26404a83 3156 apache2-ssl-dev_2.4.41-4ubuntu3.1_arm64.deb
 930245fb4608458504e1639aff73f50f272e2454331668fc4536e26cac5ed35e 12992 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 3dc0e69c489589a20d71a8101d969124668b25d7ff4735f79fea2682983fdc59 15196 apache2-suexec-custom_2.4.41-4ubuntu3.1_arm64.deb
 6ab66013408d03204632bf8c5441017a35119856e7eff2e2557f21d09cf55253 11828 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 36bd36f225975a028625f743e1f8f08a184dc9f7b19d1f3158d1c2c1fcc5bec5 13744 apache2-suexec-pristine_2.4.41-4ubuntu3.1_arm64.deb
 7f26181dfd7c38074ce15c90b8d7e284674efd1f097dbad0e5f63f17cf63b03c 140956 apache2-utils-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 0e606dce068a76dd55734c3e96295a898fa406626283a92be1b6e955dee9fdd0 80784 apache2-utils_2.4.41-4ubuntu3.1_arm64.deb
 ac98a2a70b5becd8c0ccb6fff4771f15fccd36aa13a04867c4695322846ce243 11565 apache2_2.4.41-4ubuntu3.1_arm64.buildinfo
 4ad3eb1b1a0700011ea163a824a6ae5ccb547fafa7648517d46427078dca741f 95516 apache2_2.4.41-4ubuntu3.1_arm64.deb
 78e82bc6bfda619f774884bd8b9932a8b62eae7f5a25c00a8dadaa546428687f 988 libapache2-mod-md_2.4.41-4ubuntu3.1_arm64.deb
 8dda92388e00ee3a6e380a8cd7a52a238c54ca6449e4194092f5734c3230c911 1180 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.1_arm64.deb
Files:
 c92663f6bb1a4bd41fdb584a2e3b68d4 4829660 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 2a5cbe52d050dff4a1f9f0cd42eac8aa 1072924 httpd optional apache2-bin_2.4.41-4ubuntu3.1_arm64.deb
 db20fa40cb691bbeff33c02e588ae1df 178648 httpd optional apache2-dev_2.4.41-4ubuntu3.1_arm64.deb
 1b790a1481abdb60f054e02bd92fca8f 3156 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.1_arm64.deb
 38d5404e37f87a54e4914d32f771c648 12992 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 5fa0377cd9e510469d2b951a9ccf4c23 15196 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.1_arm64.deb
 6165ca324a7660e6c3c3ba6c2e0bc788 11828 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 21b0d3c92d8ccda2e9dba92fa1792e5c 13744 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.1_arm64.deb
 0467c32b233129e2231e4e2f9537dff9 140956 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.1_arm64.ddeb
 b07a520a7dd623fbf877e13b2bb6b5d6 80784 httpd optional apache2-utils_2.4.41-4ubuntu3.1_arm64.deb
 fe97835e31b3607d9632e279b95dd891 11565 httpd optional apache2_2.4.41-4ubuntu3.1_arm64.buildinfo
 423ef7e370a7042246cc41ba00f6fbee 95516 httpd optional apache2_2.4.41-4ubuntu3.1_arm64.deb
 0aa8d71e79eef1b3d76da72031af3bee 988 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.1_arm64.deb
 4e0e5268107a51462f910eb21f0f9b8e 1180 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.1_arm64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>