Format: 1.8
Date: Wed, 16 Mar 2022 12:53:42 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: amd64 all
Version: 2.4.29-1ubuntu4.22
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.29-1ubuntu4.22) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: OOB read in mod_lua via crafted request body
     - debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
       lua_write_body() fail in modules/lua/lua_request.c.
     - CVE-2022-22719
   * SECURITY UPDATE: HTTP Request Smuggling via error discarding the
     request body
     - debian/patches/CVE-2022-22720.patch: simpler connection close logic
       if discarding the request body fails in
       modules/http/http_filters.c, server/protocol.c.
     - CVE-2022-22720
   * SECURITY UPDATE: overflow via large LimitXMLRequestBody
     - debian/patches/CVE-2022-22721.patch: make sure and check that
       LimitXMLRequestBody fits in system memory in server/core.c,
       server/util.c, server/util_xml.c.
     - CVE-2022-22721
   * SECURITY UPDATE: out-of-bounds write in mod_sed
     - debian/patches/CVE-2022-23943-1.patch: use size_t to allow for
       larger buffer sizes and unsigned arithmetics in
       modules/filters/libsed.h, modules/filters/mod_sed.c,
       modules/filters/sed1.c.
     - debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
       modules/filters/mod_sed.c.
     - CVE-2022-23943
Original-Maintainer: Debian Apache Maintainers