Format: 1.8
Date: Thu, 17 Jun 2021 14:27:53 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: ppc64el
Version: 2.4.41-4ubuntu3.3
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-ppc64el-019.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.41-4ubuntu3.3) focal-security; urgency=medium
 .
   * SECURITY UPDATE: mod_proxy_http denial of service.
     - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
       connection in modules/proxy/mod_proxy_http.c.
     - CVE-2020-13950
   * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
     - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
       base64 to fail early if the format can't match anyway in
       modules/aaa/mod_auth_digest.c.
     - CVE-2020-35452
   * SECURITY UPDATE: DoS via cookie header in mod_session
     - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
       session_identity_decode() in modules/session/mod_session.c.
     - CVE-2021-26690
   * SECURITY UPDATE: heap overflow via SessionHeader
     - debian/patches/CVE-2021-26691.patch: account for the '&' in
       identity_concat() in modules/session/mod_session.c.
     - CVE-2021-26691
   * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
     - debian/patches/CVE-2021-30641.patch: change default behavior in
       server/request.c.
     - CVE-2021-30641
   * This update does _not_ include the changes from 2.4.41-4ubuntu3.2 in
     focal-proposed.
Checksums-Sha1:
 b7ef224657cdb64a8a205aeb46d06b4e8052d822 5167608 apache2-bin-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 87317cb0f6bb4a00e1d90bba6eff7217844427d7 1272740 apache2-bin_2.4.41-4ubuntu3.3_ppc64el.deb
 f84fcffa527afd5b03ae5e5ebb26005b5235c2d3 179004 apache2-dev_2.4.41-4ubuntu3.3_ppc64el.deb
 c1e890b32219a7c9b680ac1dfae92464c2303e86 3156 apache2-ssl-dev_2.4.41-4ubuntu3.3_ppc64el.deb
 40c8b57758aecae02c7f33db3f3fd2fbb51b7ecc 13108 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 567818bfe3f7a451b9595bca4dc8bfed34944a8c 15468 apache2-suexec-custom_2.4.41-4ubuntu3.3_ppc64el.deb
 7c47d969e356bba9c92be5b7e353cad7b6945f26 11880 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 6222a0758ed9bb215a5c407f55a6959aa66f9748 13920 apache2-suexec-pristine_2.4.41-4ubuntu3.3_ppc64el.deb
 90337282db623e206479c25af3c4d31194007999 147480 apache2-utils-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 900c7215f9b681874275e6537faa49ce9be5617b 86568 apache2-utils_2.4.41-4ubuntu3.3_ppc64el.deb
 affeafec2b81c93d0be22c0eae8d7b2e549d3238 11878 apache2_2.4.41-4ubuntu3.3_ppc64el.buildinfo
 7e5b70d62a361abab276381a1a6cd2138bc3b035 95500 apache2_2.4.41-4ubuntu3.3_ppc64el.deb
 1dfa559aba0e2c00b6b8b23a1f41222db9cb5ee2 992 libapache2-mod-md_2.4.41-4ubuntu3.3_ppc64el.deb
 01baed18a792451a6e50afd08fa07e6fc522abec 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.3_ppc64el.deb
Checksums-Sha256:
 b98c2fe243075ae802f7f147f9954e40e7d76eabc4262b52f6873739581f90e8 5167608 apache2-bin-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 3726ad2694ea00ec028796d3280280a8dad22716f1a4afd916ec55e9b355bdc4 1272740 apache2-bin_2.4.41-4ubuntu3.3_ppc64el.deb
 cbeb8a647256a8ea3946ce97d6fd47ccb0bb2ed860e10d574add99e63b02acd4 179004 apache2-dev_2.4.41-4ubuntu3.3_ppc64el.deb
 9b3cbe08a1300376b9283c95cdfbe45c9c139dc044c2957add60155fe694a380 3156 apache2-ssl-dev_2.4.41-4ubuntu3.3_ppc64el.deb
 22573ab897567061da9e9ba03f75a36a96a27fef7ff3a696a09579f0ff377f6b 13108 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 f9849ff8f1e192b0848e9ca1afdc13eca15fe472a5bad9e12394cce6a1956f9f 15468 apache2-suexec-custom_2.4.41-4ubuntu3.3_ppc64el.deb
 ed6e91c051f179169d7a7173a63c492c670de71b88a7080ba72896a30ef17a4a 11880 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 f079a71ced4a5f8c2cfe30629b8dc4c506b0da0bc1496a7d95380c55e8c239a8 13920 apache2-suexec-pristine_2.4.41-4ubuntu3.3_ppc64el.deb
 59ce47f1ea1155eece5b8bcb4f474e8a382dead037d4bd72790ed7369784abd3 147480 apache2-utils-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 c5196a2bd1db23890539a33fd1564d9dca63d85112884d0c0a93881124aa6d33 86568 apache2-utils_2.4.41-4ubuntu3.3_ppc64el.deb
 23be256c86ba4552872e79de05eed4934f182fbdcb66b9f9fc69820df0b1f880 11878 apache2_2.4.41-4ubuntu3.3_ppc64el.buildinfo
 590d851fe6b267120333b2bd44fc251294e2c09da9581282f0e12d116882627d 95500 apache2_2.4.41-4ubuntu3.3_ppc64el.deb
 b5ad34f552805d8e95b8a37debe1233243e3eb0cf752bf6f10b9266ce23cea3d 992 libapache2-mod-md_2.4.41-4ubuntu3.3_ppc64el.deb
 1c7adc966b93c53c5567faa94db310b702c837a75050794821c5952e5941bfe0 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.3_ppc64el.deb
Files:
 9e217fed1bd4af16b903fce63705ce5e 5167608 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 050fb60c173f7439f320dbae5f658d37 1272740 httpd optional apache2-bin_2.4.41-4ubuntu3.3_ppc64el.deb
 97988de9a7281d667c1f00c9a3422083 179004 httpd optional apache2-dev_2.4.41-4ubuntu3.3_ppc64el.deb
 a9efffb430d264f996208b4a542f8332 3156 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.3_ppc64el.deb
 9010271e26d111a21a1d802ff9225304 13108 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 bdd66a7e287e669e871a9afc40c68776 15468 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.3_ppc64el.deb
 16b175005453d9accc02d621210f3a17 11880 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 ff084a327400e53840956d5cbaa47fa4 13920 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.3_ppc64el.deb
 9955f2cd1fe2eccd080f751a103a5050 147480 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.3_ppc64el.ddeb
 d2e88c5d903a196def4916d892eeab74 86568 httpd optional apache2-utils_2.4.41-4ubuntu3.3_ppc64el.deb
 04a27915928e4d595a5c336fce3209b1 11878 httpd optional apache2_2.4.41-4ubuntu3.3_ppc64el.buildinfo
 5b45b1f07679b130238d25a00d523dbf 95500 httpd optional apache2_2.4.41-4ubuntu3.3_ppc64el.deb
 1d30f93423838980862272717edb53a9 992 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.3_ppc64el.deb
 ab3df4382072f04efe6a7552bd0e3d4b 1184 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.3_ppc64el.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>