Format: 1.8 Date: Wed, 05 Jan 2022 09:38:48 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: arm64 Version: 2.4.46-4ubuntu1.5 Distribution: hirsute Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.46-4ubuntu1.5) hirsute-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: d45b731087a0d4eba3ac6e6f93f85b4293197adc 3313496 apache2-bin-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb 1f31892174cc2b1a0a156df254594c7a59ec1abd 1089948 apache2-bin_2.4.46-4ubuntu1.5_arm64.deb 41c1fd4480b4728adfde090fd83137de8cf04e3a 180332 apache2-dev_2.4.46-4ubuntu1.5_arm64.deb 1477f395dcf90e35816f3a92e5be32925763bd1b 3168 apache2-ssl-dev_2.4.46-4ubuntu1.5_arm64.deb 1641b7ce339fc883e8323dc077e1d37d7e7572fa 12528 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb 694e080d84682d91a954bbb95fa134a115b151cf 15208 apache2-suexec-custom_2.4.46-4ubuntu1.5_arm64.deb d0d64c0158b7e783effd11dae0b420c1fb3f3382 11332 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb 1c4e68ff5e4de3d9e2a791643b5d1730d8729fd6 13724 apache2-suexec-pristine_2.4.46-4ubuntu1.5_arm64.deb 31b95301ae3da123f00b416b3ad5457cd62d0c81 118080 apache2-utils-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb 7d85b1a2b8d9c08342c413f6bac0d717cd767aba 81016 apache2-utils_2.4.46-4ubuntu1.5_arm64.deb f37c8a569d961d0c05bd7ad36ddf16d766760837 12111 apache2_2.4.46-4ubuntu1.5_arm64.buildinfo 4ae256a914507403e441ed2fdbd1bf5d887c0661 95692 apache2_2.4.46-4ubuntu1.5_arm64.deb 6a82719433c1575ca1c28db99716b9310790d082 1004 libapache2-mod-md_2.4.46-4ubuntu1.5_arm64.deb b11a8933a312851302f0f51d2aba643ec2f9847b 1180 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.5_arm64.deb Checksums-Sha256: dc93f04a0798f8445367d9d3cee3d29c2838db9fea7ca850753a4cc5881fed8a 3313496 apache2-bin-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb ad06662e35658fa6d4fbdb9485070713f31430a30d769658240df7dbe9e55d68 1089948 apache2-bin_2.4.46-4ubuntu1.5_arm64.deb ed18c6ed2cc5f8fb29dc01e02b366d2f77b149f9235534a5cec9a2e690dce891 180332 apache2-dev_2.4.46-4ubuntu1.5_arm64.deb 1f95ff8d899f974fd18b61b0b210630428973e5db5aa6e3061232c2a37dc1022 3168 apache2-ssl-dev_2.4.46-4ubuntu1.5_arm64.deb 82ebfccb9ec17e3d644eb4eb2a55f123e8310ee6b7de34f0f8700d9fa368b213 12528 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb 34d4a4ad6fe2451055bda1eed0e2fc717c710dac418c2f8f0f0d20c8fd44598f 15208 apache2-suexec-custom_2.4.46-4ubuntu1.5_arm64.deb 0cf9b14868a5dcf293ce5904dae6184d40a6dcdaeee04da93a14e8c7bb155f32 11332 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb cc801c29f108773e8063208a0da5c57153e8d31369568d70332cbd979b9d85a2 13724 apache2-suexec-pristine_2.4.46-4ubuntu1.5_arm64.deb 01117db71436aba669adc99a225e4d68c6f2783e679e7f2e530aec1435f0dbac 118080 apache2-utils-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb f2c83bacc7c6e0ee11efc459bc5df5ab170565aa4e9dc5b75d74830bfaa00678 81016 apache2-utils_2.4.46-4ubuntu1.5_arm64.deb 86c2ce58ef06f49a1652a9c8344e2fb442caf22baa566e46132379708343de5e 12111 apache2_2.4.46-4ubuntu1.5_arm64.buildinfo 772cb17ba77077768e686ab0f1e658edc2c3ce1e6a5e9b8cf213ce5e8b508012 95692 apache2_2.4.46-4ubuntu1.5_arm64.deb 908bfce06fc9cfe38b6ce1778b4a15baff60404befa8cff167b3dfcbff4da428 1004 libapache2-mod-md_2.4.46-4ubuntu1.5_arm64.deb f074aa345d177aa27e82837e24a438154644605686190b022101aaf3a0f5209d 1180 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.5_arm64.deb Files: fb7d3686e871248c2e20416c75f6de4a 3313496 debug optional apache2-bin-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb e9ff77c9c089623ab04023df5ab992be 1089948 httpd optional apache2-bin_2.4.46-4ubuntu1.5_arm64.deb 667f9f0f7f81a1980a1c6f702e31185c 180332 httpd optional apache2-dev_2.4.46-4ubuntu1.5_arm64.deb 9eb22c60a998e7f30deddb1902244c70 3168 httpd optional apache2-ssl-dev_2.4.46-4ubuntu1.5_arm64.deb 0b7702115c3929b286f2547d31f12e25 12528 debug optional apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb 6f1d4d36a993efa5e514ecca1c50b061 15208 httpd optional apache2-suexec-custom_2.4.46-4ubuntu1.5_arm64.deb 949c33ee94d760a212bc4b188f45bd43 11332 debug optional apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb 03718aebaf5a76bfad580d07dcdd08b6 13724 httpd optional apache2-suexec-pristine_2.4.46-4ubuntu1.5_arm64.deb 5566e107a1c85d879229b814e9233c2c 118080 debug optional apache2-utils-dbgsym_2.4.46-4ubuntu1.5_arm64.ddeb 1474259f046aa7fb1b5e0524492ab4fc 81016 httpd optional apache2-utils_2.4.46-4ubuntu1.5_arm64.deb d3a0867b6a2a8614fa6f45902aad60c1 12111 httpd optional apache2_2.4.46-4ubuntu1.5_arm64.buildinfo a3823a739d07a41afb9396f264895edd 95692 httpd optional apache2_2.4.46-4ubuntu1.5_arm64.deb 5af30bb4be7b63e715e70e511e2f65d8 1004 oldlibs optional libapache2-mod-md_2.4.46-4ubuntu1.5_arm64.deb 142906a8f15ce83a9dad8966a0db920a 1180 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.5_arm64.deb Original-Maintainer: Debian Apache Maintainers