Format: 1.8 Date: Wed, 05 Jan 2022 09:38:48 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: riscv64 Version: 2.4.46-4ubuntu1.5 Distribution: hirsute Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.46-4ubuntu1.5) hirsute-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: 130723fea189e0010552704b52746c6a54600570 3159124 apache2-bin-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb 14324641ea4d6e574c397730c0f6f74d180550c8 1025108 apache2-bin_2.4.46-4ubuntu1.5_riscv64.deb 5c101e6a187d97a01ee66373bf188e7e9b0f0ee5 180316 apache2-dev_2.4.46-4ubuntu1.5_riscv64.deb 5bf5ba1097c26c279043e65bf17a2e5426afe35b 3172 apache2-ssl-dev_2.4.46-4ubuntu1.5_riscv64.deb ba7af4aea8c0539db01bda90a197a9350fa3380d 12276 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb dc801f309c37cbb95acbeded4f73ae1b9c792cf0 14764 apache2-suexec-custom_2.4.46-4ubuntu1.5_riscv64.deb 5d4caa7a6598d14bf462e58907e091dcc863fdae 11100 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb 06a1a8908e83b019aa156d9b22b1dcccdebe31e5 13292 apache2-suexec-pristine_2.4.46-4ubuntu1.5_riscv64.deb 6843a5cfccb5245a9662d89756467629c86990b1 115476 apache2-utils-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb 8db340332abb2980734a9bfffd83eeb1e07a427e 79144 apache2-utils_2.4.46-4ubuntu1.5_riscv64.deb 92e8fe0afb2e2bd23adee32d2c273189afff3b8b 11983 apache2_2.4.46-4ubuntu1.5_riscv64.buildinfo 8f781a6cddf0050f8d5b4cb2f686f386ddb7097f 95700 apache2_2.4.46-4ubuntu1.5_riscv64.deb 0ae551ae536add1784e1d6894c56f1b966983196 1004 libapache2-mod-md_2.4.46-4ubuntu1.5_riscv64.deb b283dedf8d0383b19c8f0c9eebba8c0b03c30429 1184 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.5_riscv64.deb Checksums-Sha256: 16a49eb520ccd7e809804ef61b13573017c261d6c39fd1833b3d36b5cab63abc 3159124 apache2-bin-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb 012c53d3f1428cff131dca3bb542c97fde9de95a0fd197c94e3ee51d26e3c352 1025108 apache2-bin_2.4.46-4ubuntu1.5_riscv64.deb 2403cb55445e0e5791b034ea58d11d594f6b135c3116f6b8c911b5f4791aa2ed 180316 apache2-dev_2.4.46-4ubuntu1.5_riscv64.deb 336f3a3140c0d32c67361fb80331bc1f3ddd9a5fd1c36c509c08e88e8065f2c3 3172 apache2-ssl-dev_2.4.46-4ubuntu1.5_riscv64.deb c59828ac1345d53f1bfd7a36f59d34e246f8a92fc1a1b29a355aa3ef08aeb383 12276 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb 718b0df22b877eadcba8b31e28c7007c2685a66edda47554f24cec70b4da9a08 14764 apache2-suexec-custom_2.4.46-4ubuntu1.5_riscv64.deb 3bfb26b72607efffd94505f8c9c8f5831e15362365df50e67459f80e5f831c64 11100 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb ffcc535c6d46d79a0de2f7d900dd8b6952803b00a14ed352497a82be28347c2f 13292 apache2-suexec-pristine_2.4.46-4ubuntu1.5_riscv64.deb 4aa130f18267ff4d835efdb51294a79ea818c1a1d800be533ddd4d6e2550b736 115476 apache2-utils-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb 0eb35b238ca8471871ac3e9102dfd8783251c7df11715876f0cc3cf8dbd5c020 79144 apache2-utils_2.4.46-4ubuntu1.5_riscv64.deb 6c6688acd50b67cf0a35b1784caf6a0a0b91d5e34ca194723663a950d9b4785d 11983 apache2_2.4.46-4ubuntu1.5_riscv64.buildinfo a6a588f4f511f931a901500c231ffcda63d01a191c74cb44448d88d85abfea96 95700 apache2_2.4.46-4ubuntu1.5_riscv64.deb 7e063ea7054973c146f1c635e9faf83dd3ff920a1eb58eeaeb70f01ea916e457 1004 libapache2-mod-md_2.4.46-4ubuntu1.5_riscv64.deb 7fcd8deed948128a83758fc1ef25c86782b5638afde98c2cca9ab42b82ad4ba3 1184 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.5_riscv64.deb Files: 33037ba456e134444c3244071a5bb795 3159124 debug optional apache2-bin-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb dcbfbfd95ef6392412de6b846473405f 1025108 httpd optional apache2-bin_2.4.46-4ubuntu1.5_riscv64.deb b321a42bf8d0f503a45ef46c3cad957f 180316 httpd optional apache2-dev_2.4.46-4ubuntu1.5_riscv64.deb 37c52c8eb55a5b51d9419b914a08819b 3172 httpd optional apache2-ssl-dev_2.4.46-4ubuntu1.5_riscv64.deb 4b5cd7552c1c8489b246c029d2a94702 12276 debug optional apache2-suexec-custom-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb ea7e90c3be2d2692ad1cf7d731a14822 14764 httpd optional apache2-suexec-custom_2.4.46-4ubuntu1.5_riscv64.deb 80d318f2aa4eb1b38e9c89863b48bb08 11100 debug optional apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb 9a0525387b6af09167753bb7fd0c6282 13292 httpd optional apache2-suexec-pristine_2.4.46-4ubuntu1.5_riscv64.deb bfe57aca0794281f5f13524d05eeac4a 115476 debug optional apache2-utils-dbgsym_2.4.46-4ubuntu1.5_riscv64.ddeb f649619eea144c1d7574975e7391709b 79144 httpd optional apache2-utils_2.4.46-4ubuntu1.5_riscv64.deb 3fca6e6fb4646a962085c6251468b07f 11983 httpd optional apache2_2.4.46-4ubuntu1.5_riscv64.buildinfo e8ead1ee0f77fba9356f029ea468c9ec 95700 httpd optional apache2_2.4.46-4ubuntu1.5_riscv64.deb 42ebb3a868aba132e8270b9ec636b369 1004 oldlibs optional libapache2-mod-md_2.4.46-4ubuntu1.5_riscv64.deb a342e5937616002919d440364355e00c 1184 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu1.5_riscv64.deb Original-Maintainer: Debian Apache Maintainers