Format: 1.8 Date: Wed, 12 Aug 2020 17:33:25 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: amd64 all Version: 2.4.29-1ubuntu4.14 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.14) bionic-security; urgency=medium . * SECURITY UPDATE: mod_rewrite redirect issue - debian/patches/CVE-2020-1927-1.patch: factor out default regex flags in include/ap_regex.h, server/core.c, server/util_pcre.c. - debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow opt-out of pcre defaults in include/ap_regex.h, modules/filters/mod_substitute.c, server/util_pcre.c, server/util_regex.c. - CVE-2020-1927 * SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue - debian/patches/CVE-2020-1934.patch: trap bad FTP responses in modules/proxy/mod_proxy_ftp.c. - CVE-2020-1934 * SECURITY UPDATE: DoS via invalid Cache-Digest header - debian/patches/CVE-2020-9490.patch: remove support for abandoned http-wg draft in modules/http2/h2_push.c, modules/http2/h2_push.h. - CVE-2020-9490 * SECURITY UPDATE: concurrent use of memory pools in HTTP/2 module - debian/patches/CVE-2020-11993-pre1.patch: fixed rare cases where a h2 worker could deadlock the main connection in modules/http2/*. - debian/patches/CVE-2020-11993.patch: fix logging and rename terminology in modules/http2/*. - CVE-2020-11993 Checksums-Sha1: ff2497b93301fb70eb6de82494d3c9e03f75f52b 1070148 apache2-bin_2.4.29-1ubuntu4.14_amd64.deb 5be6f26f02b0b6a52a5df674486235bd16b25358 160180 apache2-data_2.4.29-1ubuntu4.14_all.deb 8f46727297aaa39f646d567f949b7924e96d72c8 3958664 apache2-dbg_2.4.29-1ubuntu4.14_amd64.deb 4ee237868f3435828a0854a6ac5fb9fbc45681b7 177496 apache2-dev_2.4.29-1ubuntu4.14_amd64.deb c838d68093489b921c35ce129841be7d64511958 3697856 apache2-doc_2.4.29-1ubuntu4.14_all.deb 68422679feb0706762b859a84494ee94c2e97913 2396 apache2-ssl-dev_2.4.29-1ubuntu4.14_amd64.deb 3967d22b6030222d1e8c63ad116ac38b61e735df 15392 apache2-suexec-custom_2.4.29-1ubuntu4.14_amd64.deb 92e1a62093f52be6b9406fa55f1aec1f4d8950be 13892 apache2-suexec-pristine_2.4.29-1ubuntu4.14_amd64.deb 9ea67dedb2db0398ec6fd8007da679018d5f09eb 83888 apache2-utils_2.4.29-1ubuntu4.14_amd64.deb e149e89cedaeb40ca1185c6f4989caff9cb26163 10817 apache2_2.4.29-1ubuntu4.14_amd64.buildinfo b77426d5b496ec8de7487167ab0911264c2922a2 95080 apache2_2.4.29-1ubuntu4.14_amd64.deb Checksums-Sha256: 43df009d76f26aea6949a9784e3d51bcc0f483522e6b7fb6528a0076cbe3d4cf 1070148 apache2-bin_2.4.29-1ubuntu4.14_amd64.deb 55f81975a8d57dfae225d15f23ef5bbc98b9507e2e82cfc97de30258cf407292 160180 apache2-data_2.4.29-1ubuntu4.14_all.deb 5b6067b3ca3968281b62fefa01752da3a543001df72345593201065ce3072145 3958664 apache2-dbg_2.4.29-1ubuntu4.14_amd64.deb 90d2af17b0019bfabb8e2d7e5791b901c16b661f3b4d758e5f8cd50049c7c1bc 177496 apache2-dev_2.4.29-1ubuntu4.14_amd64.deb 2919d3bfd38a4108a2b1e1acff99d32ba972ecbd7b81b0e39a8e3daa6ed7ba4c 3697856 apache2-doc_2.4.29-1ubuntu4.14_all.deb f58ba956585b9a593b882d89877f014a3e151ed33923056d78d1cd67c1495915 2396 apache2-ssl-dev_2.4.29-1ubuntu4.14_amd64.deb cb4b70a53e77146a4338b3b9878ed678767128fa14745904d4dd7f11267f354c 15392 apache2-suexec-custom_2.4.29-1ubuntu4.14_amd64.deb a21751774fd99b8ea159e3c662d1fd3ad77cea2ab117749b6f76ba0e159b5c49 13892 apache2-suexec-pristine_2.4.29-1ubuntu4.14_amd64.deb 3696b90c8266d109e9e585d50afddccd14b1133ef4ab35253d46c0f4597480cb 83888 apache2-utils_2.4.29-1ubuntu4.14_amd64.deb 82797e95085f8d0c330cf4f5514cb95213225f11ad2eca7afbcdc13dbb419743 10817 apache2_2.4.29-1ubuntu4.14_amd64.buildinfo 76a59b98ecdb7ef014376b87f1ac6b2f837081ea95fe1e45029163845c38b31c 95080 apache2_2.4.29-1ubuntu4.14_amd64.deb Files: 91f9ff6ea97ac834bb29f85cd4eae59e 1070148 httpd optional apache2-bin_2.4.29-1ubuntu4.14_amd64.deb 1dbcbd0aa6ebdf6c950e9ef719e83a8e 160180 httpd optional apache2-data_2.4.29-1ubuntu4.14_all.deb d225b2ba2d9ab2d874c024d3b0e79c43 3958664 debug optional apache2-dbg_2.4.29-1ubuntu4.14_amd64.deb c36fc8c96ff7e8faff145af2e7b19d6f 177496 httpd optional apache2-dev_2.4.29-1ubuntu4.14_amd64.deb ce6113324c18d4ce71d2276094ddc7d2 3697856 doc optional apache2-doc_2.4.29-1ubuntu4.14_all.deb 1c20ec1a53ff0685200fc6108c26e62d 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.14_amd64.deb a2d2afb6a204e2a5838f1ceaaea71840 15392 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.14_amd64.deb ca846406fdbb454ab1a13fffa12346d7 13892 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.14_amd64.deb 0c7210c5c776a7e9a8e69834e9a69c1e 83888 httpd optional apache2-utils_2.4.29-1ubuntu4.14_amd64.deb c535a3726080a06ab4b5292aedc35017 10817 httpd optional apache2_2.4.29-1ubuntu4.14_amd64.buildinfo 28dbb9a5d8c74ddc41cb84ee46941878 95080 httpd optional apache2_2.4.29-1ubuntu4.14_amd64.deb Original-Maintainer: Debian Apache Maintainers