Format: 1.8
Date: Wed, 16 Mar 2022 12:46:16 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Built-For-Profiles: noudeb
Architecture: riscv64
Version: 2.4.48-3.1ubuntu3.3
Distribution: impish
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@riscv64-qemu-lcy01-007.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.48-3.1ubuntu3.3) impish-security; urgency=medium
 .
   * SECURITY UPDATE: OOB read in mod_lua via crafted request body
     - debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
       lua_write_body() fail in modules/lua/lua_request.c.
     - CVE-2022-22719
   * SECURITY UPDATE: HTTP Request Smuggling via error discarding the
     request body
     - debian/patches/CVE-2022-22720.patch: simpler connection close logic
       if discarding the request body fails in modules/http/http_filters.c,
       server/protocol.c.
     - CVE-2022-22720
   * SECURITY UPDATE: overflow via large LimitXMLRequestBody
     - debian/patches/CVE-2022-22721.patch: make sure and check that
       LimitXMLRequestBody fits in system memory in server/core.c,
       server/util.c, server/util_xml.c.
     - CVE-2022-22721
   * SECURITY UPDATE: out-of-bounds write in mod_sed
     - debian/patches/CVE-2022-23943-1.patch: use size_t to allow for larger
       buffer sizes and unsigned arithmetics in modules/filters/libsed.h,
       modules/filters/mod_sed.c, modules/filters/sed1.c.
     - debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
       modules/filters/mod_sed.c.
     - CVE-2022-23943
Checksums-Sha1:
 5d54b696574c3fdb75bb5c607b6f26e9b1dce3cb 3676548 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 b718b02d074346c00283f556b67d2814e18abda2 1145426 apache2-bin_2.4.48-3.1ubuntu3.3_riscv64.deb
 d733e2fa04ecd9173ed26ce5357dc2065bf4e764 187490 apache2-dev_2.4.48-3.1ubuntu3.3_riscv64.deb
 5fa955c6447b1275f938baa3f3cf81d72038374d 2986 apache2-ssl-dev_2.4.48-3.1ubuntu3.3_riscv64.deb
 98f014c38b2d42f3b2ea152b01fdfed4b22412b9 12690 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 f275846c918a6ed09180d8a43c907469a9e6c9cf 15572 apache2-suexec-custom_2.4.48-3.1ubuntu3.3_riscv64.deb
 1757c1a71385a11d2cf18b09375eef2f1c955adf 11484 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 eb1abef21ff67943f72e908a5f020dbde5689826 14052 apache2-suexec-pristine_2.4.48-3.1ubuntu3.3_riscv64.deb
 bb0f9a80d7dcb31bad5375c8f3ff666b949258ed 119158 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 3b101bb9b42b4a6b431e76106bc64dbbd9925a39 83686 apache2-utils_2.4.48-3.1ubuntu3.3_riscv64.deb
 6c554e1e75de1a436a02173e2365b8a4b9a5836f 11777 apache2_2.4.48-3.1ubuntu3.3_riscv64.buildinfo
 15d0a19ea8c539aaa4cbf2f36887cd857e1a12f7 97834 apache2_2.4.48-3.1ubuntu3.3_riscv64.deb
 9aff82e1eef91ca0e48190d14dd869df89f5378b 810 libapache2-mod-md_2.4.48-3.1ubuntu3.3_riscv64.deb
 a10bd0996df527b7b9538b6de600493d3cd7bc86 990 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.3_riscv64.deb
Checksums-Sha256:
 7a39e214f55e855c3610d4a84aa6fc4a90fbd7a785b67b2726ab62bc7f949279 3676548 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 e87e053f01d486edce8786c35d037dba132ab886306e94f8189b1ed827f9ea26 1145426 apache2-bin_2.4.48-3.1ubuntu3.3_riscv64.deb
 c509642141f9a7adc48342d5f18986d202edf786efc20b45545e74394a655721 187490 apache2-dev_2.4.48-3.1ubuntu3.3_riscv64.deb
 b35da488ba4b9949241bde19d11c64f84d50cfb0daf17cbef0eea9868f6a7844 2986 apache2-ssl-dev_2.4.48-3.1ubuntu3.3_riscv64.deb
 e5cd5abc5c37bf31f8e21bf72c3e44c247975dcfc058faf128e80d0115d95c8a 12690 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 62a1cb3dc37e6e3658b1c0eccf615992b67efaf7a92208611f7b6dfdadb5fee1 15572 apache2-suexec-custom_2.4.48-3.1ubuntu3.3_riscv64.deb
 5c28c43e909032f01b707d3f99c30434719de485679928f32d9c59229d8566fd 11484 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 23cb286809dd0aaef2d9c616f840868ef94e32b4073681e899f42d468110d10e 14052 apache2-suexec-pristine_2.4.48-3.1ubuntu3.3_riscv64.deb
 850a1ff25c4f670c316f8765aa5b5b3d8fa19f1e24715553dbdd52a951b436b9 119158 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 0cd72245c1e4961745f098abebcfb454400b0fe0608749fb3851a90c478dba1a 83686 apache2-utils_2.4.48-3.1ubuntu3.3_riscv64.deb
 3db5da1cb54451b160d51bcf545c0fd2e8a564f5d00ab02fdfb32d4953345953 11777 apache2_2.4.48-3.1ubuntu3.3_riscv64.buildinfo
 20bb66acd25d526457234b7960e909cb2f54dc74110769844459eed4aaee15ff 97834 apache2_2.4.48-3.1ubuntu3.3_riscv64.deb
 1d2064d2f9f42dd3b39fa6b914bb767ee65e588692e4ce6a6bd560c4b9e69562 810 libapache2-mod-md_2.4.48-3.1ubuntu3.3_riscv64.deb
 6e87abc6a4c04fe1034ba6b869cc21e3089e0efbf9983b5df52e45a0b066b868 990 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.3_riscv64.deb
Files:
 ecca1302addb09db4b11aeab601ca703 3676548 debug optional apache2-bin-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 07753b8be7032d0c6b3dd3880053604d 1145426 httpd optional apache2-bin_2.4.48-3.1ubuntu3.3_riscv64.deb
 89fae4e40d859d776ef57d4b31ccb0a9 187490 httpd optional apache2-dev_2.4.48-3.1ubuntu3.3_riscv64.deb
 354ef6f9ab40a4d2747ac0bee83ce653 2986 httpd optional apache2-ssl-dev_2.4.48-3.1ubuntu3.3_riscv64.deb
 3cf3dcb9db1bd07b7fed42e83c801045 12690 debug optional apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 c7b9e1e890183336a2a75d3b7f683f18 15572 httpd optional apache2-suexec-custom_2.4.48-3.1ubuntu3.3_riscv64.deb
 17b52096f0c84189498d54b98d564ebc 11484 debug optional apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 8a751c07c1929b96e6fe2d19b2b60618 14052 httpd optional apache2-suexec-pristine_2.4.48-3.1ubuntu3.3_riscv64.deb
 bdc0b707dcad9e24b99016e1a8d88161 119158 debug optional apache2-utils-dbgsym_2.4.48-3.1ubuntu3.3_riscv64.ddeb
 b62a7eaedb97465357f239f257172b5b 83686 httpd optional apache2-utils_2.4.48-3.1ubuntu3.3_riscv64.deb
 2689ff1534ce5bed63c3eef11ca7ad83 11777 httpd optional apache2_2.4.48-3.1ubuntu3.3_riscv64.buildinfo
 450c1288eb3314e692cce0b6c9011435 97834 httpd optional apache2_2.4.48-3.1ubuntu3.3_riscv64.deb
 bf527e6e5ec7199b8e3d2b5e20a2cafc 810 oldlibs optional libapache2-mod-md_2.4.48-3.1ubuntu3.3_riscv64.deb
 8daeeaa3fafea395360fa061fd28dc2f 990 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.3_riscv64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>