Format: 1.8 Date: Thu, 17 Jun 2021 13:09:41 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: riscv64 Version: 2.4.46-4ubuntu1.1 Distribution: hirsute Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.46-4ubuntu1.1) hirsute-security; urgency=medium . * SECURITY UPDATE: mod_proxy_http denial of service. - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy connection in modules/proxy/mod_proxy_http.c. - CVE-2020-13950 * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's base64 to fail early if the format can't match anyway in modules/aaa/mod_auth_digest.c. - CVE-2020-35452 * SECURITY UPDATE: DoS via cookie header in mod_session - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in session_identity_decode() in modules/session/mod_session.c. - CVE-2021-26690 * SECURITY UPDATE: heap overflow via SessionHeader - debian/patches/CVE-2021-26691.patch: account for the '&' in identity_concat() in modules/session/mod_session.c. - CVE-2021-26691 * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF' - debian/patches/CVE-2021-30641.patch: change default behavior in server/request.c. - CVE-2021-30641 Checksums-Sha1: df2edc57436623f1f3b3e64bd398e8b9c760b0cd 3156424 apache2-bin-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb 42ab28762b60f20796522bdf67f7aa0777c5c414 1023340 apache2-bin_2.4.46-4ubuntu1.1_riscv64.deb b9e5c0116038ee738818acf4d4aeb54042f51402 179444 apache2-dev_2.4.46-4ubuntu1.1_riscv64.deb f849f64ce1f8a8e59ce9249e8072a9dec3d4a424 3164 apache2-ssl-dev_2.4.46-4ubuntu1.1_riscv64.deb cfd2d711c7880d2420a66a28fc199c51ca97abe3 12276 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb 26941aeafc061bae809e90f63468e89de164b335 14764 apache2-suexec-custom_2.4.46-4ubuntu1.1_riscv64.deb 84013fa26d4e477ba9cbe8f6e99e7e4a315c6f29 11100 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb 741a9a822ca7a413590846faa75925522acc9b4f 13292 apache2-suexec-pristine_2.4.46-4ubuntu1.1_riscv64.deb 4f15c4af097a1a4b2e1c44ef3c3c64ca777a5b6b 115604 apache2-utils-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb 7189abe399265aa883479c9f7c1ae6ce62082ca9 78564 apache2-utils_2.4.46-4ubuntu1.1_riscv64.deb ea4bce443a5338d930b6b77992501980204f165b 11884 apache2_2.4.46-4ubuntu1.1_riscv64.buildinfo d74f1902b6b4f9ee078f878dd514857f1581033a 95868 apache2_2.4.46-4ubuntu1.1_riscv64.deb f7240466e623aeef1b25c08bdb008d8810bc987c 1000 libapache2-mod-md_2.4.46-4ubuntu1.1_riscv64.deb 559a56691d66686da44ae9f67cfd9b186aae51c0 1176 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.1_riscv64.deb Checksums-Sha256: 9531294f151f4ef94273cbce7840d13f0cb56b92ff6d68b7f5faa73206b45f96 3156424 apache2-bin-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb 64287580d5225a18782db545b7c43b2371aedf140d8795b35d8bb78b0f4b4178 1023340 apache2-bin_2.4.46-4ubuntu1.1_riscv64.deb 79220215b5157445ace637d99532589e3a8f69aaa879cffa7aa4aedeb8802bda 179444 apache2-dev_2.4.46-4ubuntu1.1_riscv64.deb 6ac69ce018bb50ae4a995ac568c99d1d14f908a2f2bd560b1963edd1b9ff951b 3164 apache2-ssl-dev_2.4.46-4ubuntu1.1_riscv64.deb 8094ae2b62ce37ecd828f41caa695ceb439d6790580db67c031b079c71924b61 12276 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb 28e924f823788d1bef8c822885e1f2be92c99c4c9c2c3c9bf7acb48590aa0c1d 14764 apache2-suexec-custom_2.4.46-4ubuntu1.1_riscv64.deb b9b87e39b0da4fc582543c1d174b59fac91d9514019a11c194f7562112e487ba 11100 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb be63fe89e87f9498d0ac96d542a7507be003065d0f3783418b4a8e21b97a804c 13292 apache2-suexec-pristine_2.4.46-4ubuntu1.1_riscv64.deb 166f242c9247cb2a1589e8fcdca94c01bec00ccd1072ab4924377a949a304293 115604 apache2-utils-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb f9aaa9bb5be3a3595fdce514c334d09e65c03c42807fe3a5472d501476c6dd8f 78564 apache2-utils_2.4.46-4ubuntu1.1_riscv64.deb b50cb0fb989abe150eceb4058f72af8e1b0bd845dccb39408d6b6ecbc0dcfff2 11884 apache2_2.4.46-4ubuntu1.1_riscv64.buildinfo 1882cf4ba88ef6c09dd6011b51b79e1db2f032ef273eed104edd002321e18617 95868 apache2_2.4.46-4ubuntu1.1_riscv64.deb 1f872e89a99ebd6791485c0ddf62bbdf41dd066a396defeec86c36f1ce252bb2 1000 libapache2-mod-md_2.4.46-4ubuntu1.1_riscv64.deb da83f027f008fa52c53596405071473b877d9d88b4ac2930cc26b3c5b1aa3a3b 1176 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.1_riscv64.deb Files: 7d7ecb9bf842b39d4bd7bc3aa213d32c 3156424 debug optional apache2-bin-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb 59912d96c66239a559777596579018de 1023340 httpd optional apache2-bin_2.4.46-4ubuntu1.1_riscv64.deb fdf6ce76b1f0552379b925b33110e4f9 179444 httpd optional apache2-dev_2.4.46-4ubuntu1.1_riscv64.deb 69b033476ece783afb104ab10139b70f 3164 httpd optional apache2-ssl-dev_2.4.46-4ubuntu1.1_riscv64.deb 8703d60189907b327dc3818eac100c7e 12276 debug optional apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb d777b806cd76ff65d0399dd16d46eb85 14764 httpd optional apache2-suexec-custom_2.4.46-4ubuntu1.1_riscv64.deb 5bd0769576c5d15cba180588e67e723b 11100 debug optional apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb 4a034302b131b8cfdcf4513b9bd8802d 13292 httpd optional apache2-suexec-pristine_2.4.46-4ubuntu1.1_riscv64.deb ab4a038f9f839ecc121fee3b06d69b3d 115604 debug optional apache2-utils-dbgsym_2.4.46-4ubuntu1.1_riscv64.ddeb 184c0301436d35ba70308077be42e624 78564 httpd optional apache2-utils_2.4.46-4ubuntu1.1_riscv64.deb 0a93eb07e824119c49110db85d447edb 11884 httpd optional apache2_2.4.46-4ubuntu1.1_riscv64.buildinfo 4f83a8447523e7708b81ef84aed11cee 95868 httpd optional apache2_2.4.46-4ubuntu1.1_riscv64.deb bcc411b4f71633147047d97123e95289 1000 oldlibs optional libapache2-mod-md_2.4.46-4ubuntu1.1_riscv64.deb f6dcd0a78c3f5583a1edb46dc28e3b3e 1176 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.1_riscv64.deb Original-Maintainer: Debian Apache Maintainers