Format: 1.8 Date: Wed, 12 Aug 2020 15:46:17 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: ppc64el Version: 2.4.41-4ubuntu3.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.41-4ubuntu3.1) focal-security; urgency=medium . * SECURITY UPDATE: mod_rewrite redirect issue - debian/patches/CVE-2020-1927-1.patch: factor out default regex flags in include/ap_regex.h, server/core.c, server/util_pcre.c. - debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow opt-out of pcre defaults in include/ap_regex.h, modules/filters/mod_substitute.c, server/util_pcre.c, server/util_regex.c. - CVE-2020-1927 * SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue - debian/patches/CVE-2020-1934.patch: trap bad FTP responses in modules/proxy/mod_proxy_ftp.c. - CVE-2020-1934 * SECURITY UPDATE: DoS via invalid Cache-Digest header - debian/patches/CVE-2020-9490.patch: remove support for abandoned http-wg draft in modules/http2/h2_push.c, modules/http2/h2_push.h. - CVE-2020-9490 * SECURITY UPDATE: mod_proxy_uwsgi info disclosure and possible RCE - debian/patches/CVE-2020-11984.patch: error out on HTTP header larger than 16K in modules/proxy/mod_proxy_uwsgi.c. - CVE-2020-11984 * SECURITY UPDATE: concurrent use of memory pools in HTTP/2 module - debian/patches/CVE-2020-11993-pre1.patch: fixed rare cases where a h2 worker could deadlock the main connection in modules/http2/*. - debian/patches/CVE-2020-11993.patch: fix logging and rename terminology in modules/http2/*. - CVE-2020-11993 Checksums-Sha1: faf6e5720e5b3f9956ed55519537234b96362eba 5168448 apache2-bin-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb 94d660a0b896d1c09bcf649f7d8f8fbe093fb1bf 1272980 apache2-bin_2.4.41-4ubuntu3.1_ppc64el.deb b3f25ffa2f24188d3472849ef1884577ce254e38 178656 apache2-dev_2.4.41-4ubuntu3.1_ppc64el.deb f378e407007afeb94326ba2fe8825e760a90fc69 3160 apache2-ssl-dev_2.4.41-4ubuntu3.1_ppc64el.deb 090ef441fd0986e214583349607c2f342f56a887 13100 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb 5ed794a44337c9db2a914c85618f35adf0713b82 15484 apache2-suexec-custom_2.4.41-4ubuntu3.1_ppc64el.deb 63ad2c8f34b2e5a34f90f674bebb4fa6b705b3d5 11872 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb aec4932d59ad0ad569314635932dbdb7ac16e821 13936 apache2-suexec-pristine_2.4.41-4ubuntu3.1_ppc64el.deb 5112261b5dfb442c62ddb53c6bb28fa36b75af3c 147404 apache2-utils-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb 0df4141c0ef34ea38031a30a5643fd66ddf15f62 86308 apache2-utils_2.4.41-4ubuntu3.1_ppc64el.deb ef2d4dea56ff7e9d1c8fd605228aae982c963e8e 11691 apache2_2.4.41-4ubuntu3.1_ppc64el.buildinfo 524e73e92e8b51adaab8d6b405ffb6cc3cf0ca62 95520 apache2_2.4.41-4ubuntu3.1_ppc64el.deb 2ecb148cbecc0204e33098f108d5dec01a9ad917 992 libapache2-mod-md_2.4.41-4ubuntu3.1_ppc64el.deb 86d193ef5b9ad5d28543284fe4a2ed618bba6364 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.1_ppc64el.deb Checksums-Sha256: fbcb687d9d25c630df0144f20019c942be32955a4b8ceab66f53d51157acd70a 5168448 apache2-bin-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb 9d13853515de7245f792a703276035e967f245249eab8cf76ca46ca0e99a8d99 1272980 apache2-bin_2.4.41-4ubuntu3.1_ppc64el.deb 1e187b8bd093ed54237ac9b3a98a6835f1d197c8c7299754bf2f149ede58e29f 178656 apache2-dev_2.4.41-4ubuntu3.1_ppc64el.deb 304ab36268ab51ddbd378c8321c496cc9f94de44d810651813c08a2bd180fd80 3160 apache2-ssl-dev_2.4.41-4ubuntu3.1_ppc64el.deb b526e208f17804bebe38a7d0c534f832a59d59a20cdf9925d43e3867ee951c2a 13100 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb 74fa0a3177e1a6599f266e4c223070e6d0765cf9bf372be2a197b35b6196fa88 15484 apache2-suexec-custom_2.4.41-4ubuntu3.1_ppc64el.deb f846e7d8388af8b5571a0778f107c85d56a80f8e8ae38dc056514d607c29e98a 11872 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb 957d6d422e5e21bc30c724e092889ca4858904631cb77a068b4425d007ab0aad 13936 apache2-suexec-pristine_2.4.41-4ubuntu3.1_ppc64el.deb d5fafc13bd5e2cd8635e78aceda4d5356d0d3d621c1973bf3b89388296b431df 147404 apache2-utils-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb 5900711252cb82bc6ec894075509f5bcbcfabfcf0cac928c1d590f47514f33f0 86308 apache2-utils_2.4.41-4ubuntu3.1_ppc64el.deb 73c99e4f138ca6234e13c07596014432228f847e1ab9ddc658b5f256e7aec5b7 11691 apache2_2.4.41-4ubuntu3.1_ppc64el.buildinfo e984f4c56b136a8cf7e90ccad8c8ffaa0222e77499c35b5162cb45fe1f4f37d7 95520 apache2_2.4.41-4ubuntu3.1_ppc64el.deb 05b364e645662fb5ceac79e393c93e54268039a2967b3257e69c5b97471d3a2a 992 libapache2-mod-md_2.4.41-4ubuntu3.1_ppc64el.deb 89f55ed34ef5ea3835f57609d71035bfbe7e0b8b754ef6b041a73c414191cfae 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.1_ppc64el.deb Files: f7f7b42ca4d88be54aacab81df3b2f4c 5168448 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb b43c60014712218cd8d9389c98eca18a 1272980 httpd optional apache2-bin_2.4.41-4ubuntu3.1_ppc64el.deb c83e710a03b9c00cdc5deefed952ab30 178656 httpd optional apache2-dev_2.4.41-4ubuntu3.1_ppc64el.deb 7c9feeb0150fa2aa3b3eb43565bd63d3 3160 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.1_ppc64el.deb 8fb625189bb4b7536ea511adb8199077 13100 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb cc1936ba4462c1ecb40ac589e9e923cd 15484 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.1_ppc64el.deb 6258ae17e75b29b99c41572e4c60308e 11872 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb 3930869f3aa2d99dac3301791218f5cc 13936 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.1_ppc64el.deb a562db9327daa14d1a2bfac6cfe029d6 147404 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.1_ppc64el.ddeb f03469d35a346aa52ea700ea56e34db9 86308 httpd optional apache2-utils_2.4.41-4ubuntu3.1_ppc64el.deb 9c7a2bd74225e961b26ddc31eb15645b 11691 httpd optional apache2_2.4.41-4ubuntu3.1_ppc64el.buildinfo b861c413a939da740d6afc16eeb0c019 95520 httpd optional apache2_2.4.41-4ubuntu3.1_ppc64el.deb 8a910fbf029ea043a0f23f8c5ae01b90 992 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.1_ppc64el.deb e4262532e1cc21e46575e50ef0c3b994 1184 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.1_ppc64el.deb Original-Maintainer: Debian Apache Maintainers