Format: 1.8
Date: Wed, 12 Aug 2020 17:33:25 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: armhf
Version: 2.4.29-1ubuntu4.14
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-067.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.29-1ubuntu4.14) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: mod_rewrite redirect issue
     - debian/patches/CVE-2020-1927-1.patch: factor out default regex flags
       in include/ap_regex.h, server/core.c, server/util_pcre.c.
     - debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow
       opt-out of pcre defaults in include/ap_regex.h,
       modules/filters/mod_substitute.c, server/util_pcre.c,
       server/util_regex.c.
     - CVE-2020-1927
   * SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue
     - debian/patches/CVE-2020-1934.patch: trap bad FTP responses in
       modules/proxy/mod_proxy_ftp.c.
     - CVE-2020-1934
   * SECURITY UPDATE: DoS via invalid Cache-Digest header
     - debian/patches/CVE-2020-9490.patch: remove support for abandoned
       http-wg draft in modules/http2/h2_push.c, modules/http2/h2_push.h.
     - CVE-2020-9490
   * SECURITY UPDATE: concurrent use of memory pools in HTTP/2 module
     - debian/patches/CVE-2020-11993-pre1.patch: fixed rare cases where a h2
       worker could deadlock the main connection in modules/http2/*.
     - debian/patches/CVE-2020-11993.patch: fix logging and rename
       terminology in modules/http2/*.
     - CVE-2020-11993
Checksums-Sha1:
 5556e8ec6ffaeaf6fcaf773d1d007d548bf0c49d 933008 apache2-bin_2.4.29-1ubuntu4.14_armhf.deb
 e805eaec2b18241cb620637ff036656095568e43 3915284 apache2-dbg_2.4.29-1ubuntu4.14_armhf.deb
 14a29c07a27f5895e71dcd2b91db703e760527af 177508 apache2-dev_2.4.29-1ubuntu4.14_armhf.deb
 bbb26b21b214c90d17a8059fb76a2379c72976e2 2396 apache2-ssl-dev_2.4.29-1ubuntu4.14_armhf.deb
 3b161beb20cfd9ded566626858980ba4734f4a08 14560 apache2-suexec-custom_2.4.29-1ubuntu4.14_armhf.deb
 bc7ea9b6682d0d0cf4a0b2f936729945edf50eab 13072 apache2-suexec-pristine_2.4.29-1ubuntu4.14_armhf.deb
 fc25d5f6b4d8fbf8a9f08cdbe35914557fd64201 83656 apache2-utils_2.4.29-1ubuntu4.14_armhf.deb
 fcfa10bdf1fe67d84ca59f9a2a92173a59b58f6a 10065 apache2_2.4.29-1ubuntu4.14_armhf.buildinfo
 af8f3ed9933e90e232ca59660dcaf67088e2109f 95076 apache2_2.4.29-1ubuntu4.14_armhf.deb
Checksums-Sha256:
 315e81258f1ad8a66fb26062c4f359aa3d8d458a9807f221d514346c4ecaea8a 933008 apache2-bin_2.4.29-1ubuntu4.14_armhf.deb
 51742d95a0239722997a92dc1082b14905664e7b005f3044d6a68be6b85d7ce1 3915284 apache2-dbg_2.4.29-1ubuntu4.14_armhf.deb
 df9689bf6a300053272aee560a8a09fbf063c7ca5f61fc01a9e950534a6416a5 177508 apache2-dev_2.4.29-1ubuntu4.14_armhf.deb
 0c1e72b10374347900323b21fa4c7041edf83ea828929855e11ad232db6f6adb 2396 apache2-ssl-dev_2.4.29-1ubuntu4.14_armhf.deb
 a06b5af9080fe7bdbd8b6c5d01536327195cb5426f24db4e942e47d259bf7a90 14560 apache2-suexec-custom_2.4.29-1ubuntu4.14_armhf.deb
 972d6400cd5c68da36852a8d49ff7c36a3e4e6b08fd010c3b1a35bb96f87fa8f 13072 apache2-suexec-pristine_2.4.29-1ubuntu4.14_armhf.deb
 aa16e0960d0c411374e7169900c4434c7f543bc1fcd70a12c61efb9ec58f082e 83656 apache2-utils_2.4.29-1ubuntu4.14_armhf.deb
 68788c0d4a8e4510a2b5067e364140fb106b78b79ee7468b70920808a12ed238 10065 apache2_2.4.29-1ubuntu4.14_armhf.buildinfo
 db7433775bd92f0a4fd61c4989409b39700851ce3ad03514e8fb0d0aa36953de 95076 apache2_2.4.29-1ubuntu4.14_armhf.deb
Files:
 d6c4aa00f6f30ec06ec873e83ace875b 933008 httpd optional apache2-bin_2.4.29-1ubuntu4.14_armhf.deb
 59c2aa5de74b89f3e298161e8dcc62f3 3915284 debug optional apache2-dbg_2.4.29-1ubuntu4.14_armhf.deb
 d30c253d02371bd096fde7416dc5a25e 177508 httpd optional apache2-dev_2.4.29-1ubuntu4.14_armhf.deb
 856285319577f320272c0484f4ea8dc2 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.14_armhf.deb
 d84edfc15b5b0d55fbf10e3f8f0be7ec 14560 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.14_armhf.deb
 4a5a7a92341b5d9d15673e363dceec57 13072 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.14_armhf.deb
 e7086aa6a7115ee6f7008d77e487577b 83656 httpd optional apache2-utils_2.4.29-1ubuntu4.14_armhf.deb
 d63b6b15a301114b5478c2d11322da56 10065 httpd optional apache2_2.4.29-1ubuntu4.14_armhf.buildinfo
 1cffa3f0bfd472e7b12031389f39f7cd 95076 httpd optional apache2_2.4.29-1ubuntu4.14_armhf.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>