Format: 1.8
Date: Wed, 12 Aug 2020 17:33:25 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: arm64
Version: 2.4.29-1ubuntu4.14
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-028.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.29-1ubuntu4.14) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: mod_rewrite redirect issue
     - debian/patches/CVE-2020-1927-1.patch: factor out default regex flags
       in include/ap_regex.h, server/core.c, server/util_pcre.c.
     - debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow
       opt-out of pcre defaults in include/ap_regex.h,
       modules/filters/mod_substitute.c, server/util_pcre.c,
       server/util_regex.c.
     - CVE-2020-1927
   * SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue
     - debian/patches/CVE-2020-1934.patch: trap bad FTP responses in
       modules/proxy/mod_proxy_ftp.c.
     - CVE-2020-1934
   * SECURITY UPDATE: DoS via invalid Cache-Digest header
     - debian/patches/CVE-2020-9490.patch: remove support for abandoned
       http-wg draft in modules/http2/h2_push.c, modules/http2/h2_push.h.
     - CVE-2020-9490
   * SECURITY UPDATE: concurrent use of memory pools in HTTP/2 module
     - debian/patches/CVE-2020-11993-pre1.patch: fixed rare cases where a h2
       worker could deadlock the main connection in modules/http2/*.
     - debian/patches/CVE-2020-11993.patch: fix logging and rename
       terminology in modules/http2/*.
     - CVE-2020-11993
Checksums-Sha1:
 b87d01d40c020839dfcac082074dd4a8d68e7505 902688 apache2-bin_2.4.29-1ubuntu4.14_arm64.deb
 a47cd5a8a0a477b436010ca6ce5f21e22c22cfb5 4111016 apache2-dbg_2.4.29-1ubuntu4.14_arm64.deb
 1d0282bb8c220c920e2479233dd1d936359ef95b 177496 apache2-dev_2.4.29-1ubuntu4.14_arm64.deb
 d1d213cd80d904ab3808b39a9296e48f3f418de4 2396 apache2-ssl-dev_2.4.29-1ubuntu4.14_arm64.deb
 8ded527b9ea040dfe7f22c249695bccf3a54da8c 14864 apache2-suexec-custom_2.4.29-1ubuntu4.14_arm64.deb
 bf57969a6bd9b8151e71c1518ce1ea8f135a7543 13392 apache2-suexec-pristine_2.4.29-1ubuntu4.14_arm64.deb
 4ca8df24a63049a80479c8f76446e3cd1b09e24d 78492 apache2-utils_2.4.29-1ubuntu4.14_arm64.deb
 07fb6867e96d2a9fe2ef07c875e063c381ad2f6e 10131 apache2_2.4.29-1ubuntu4.14_arm64.buildinfo
 29d960d85a6643012978201eafd2ba7c663ba11b 95080 apache2_2.4.29-1ubuntu4.14_arm64.deb
Checksums-Sha256:
 7da0f480f12baaf850f26971ba6459b2461c7a8e82c4181bd413fbad87b4c4a9 902688 apache2-bin_2.4.29-1ubuntu4.14_arm64.deb
 74ae7ed0bfeb68cd10de09528afc19f6dfe44ca9ee524f109528e73f988c8f9b 4111016 apache2-dbg_2.4.29-1ubuntu4.14_arm64.deb
 66b26e870bd486a56a800202eb51c867487a577add1be6169587b8d0ecbb8b65 177496 apache2-dev_2.4.29-1ubuntu4.14_arm64.deb
 15da3a821a8f94e9a9ff35614aba3e027d4ab5c469db5f501cc3c9b09779bf33 2396 apache2-ssl-dev_2.4.29-1ubuntu4.14_arm64.deb
 0ed957ca263cb39bef36edc9058543ba9e794376b0ed356772789d5dd344fdd1 14864 apache2-suexec-custom_2.4.29-1ubuntu4.14_arm64.deb
 818a735980329cfb116fa5990d953e84384c4497280fa68f6f15bc2f020a8874 13392 apache2-suexec-pristine_2.4.29-1ubuntu4.14_arm64.deb
 5a238ad92241ab16bb82ee6fa275d41861ad28afbfe10e814100bd1a7945e361 78492 apache2-utils_2.4.29-1ubuntu4.14_arm64.deb
 c7928769338a41af31d4a6b2276c7496438301e6e248e326bda38c671d046764 10131 apache2_2.4.29-1ubuntu4.14_arm64.buildinfo
 f1ea505cff40917ec0cbf1a0b9118047b371162431e0171ed5b0aa46b69098ed 95080 apache2_2.4.29-1ubuntu4.14_arm64.deb
Files:
 648763c5f8da2118e85a37181f3a5d86 902688 httpd optional apache2-bin_2.4.29-1ubuntu4.14_arm64.deb
 3f1dacadd5f553742e8b20479f4829ea 4111016 debug optional apache2-dbg_2.4.29-1ubuntu4.14_arm64.deb
 ea73a6381d3c0363dffc24239b38fe29 177496 httpd optional apache2-dev_2.4.29-1ubuntu4.14_arm64.deb
 12ddf4c53f19820b305bd3b3e5ca4df9 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.14_arm64.deb
 184efa57d3e66e5f0355912d911a0358 14864 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.14_arm64.deb
 5de86b416a28496592479cda878e9aa7 13392 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.14_arm64.deb
 3cbbfc533c4e23a169969e5c41173dfa 78492 httpd optional apache2-utils_2.4.29-1ubuntu4.14_arm64.deb
 401f0cde98d4f017730b480b631716b1 10131 httpd optional apache2_2.4.29-1ubuntu4.14_arm64.buildinfo
 47ca5524f7c19efdbcc41e769ae51dd6 95080 httpd optional apache2_2.4.29-1ubuntu4.14_arm64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>