Format: 1.8 Date: Tue, 14 Jun 2022 09:33:28 -0300 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: i386 Version: 2.4.48-3.1ubuntu3.5 Distribution: impish Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Leonidas Da Silva Barbosa Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.48-3.1ubuntu3.5) impish-security; urgency=medium . * SECURITY UPDATE: HTTP Request Smuggling - debian/patches/CVE-2022-26377.patch: changing precedence between T-E and C-L in modules/proxy/mod_proxy_ajp.c. - CVE-2022-26377 * SECURITY UPDATE: Read beyond bounds - debian/patches/CVE-2022-28614.patch: handle large writes in ap_rputs. in server/util.c. - CVE-2022-28614 * SECURITY UPDATE: Read beyond bounds - debian/patches/CVE-2022-28615.patch: fix types in server/util.c. - CVE-2022-28615 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2022-29404.patch: cast first in modules/lua/lua_request.c. - CVE-2022-29404 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2022-30522.patch: limit mod_sed memory use in modules/filters/mod_sec.c, modules/filters/sed1.c. - CVE-2022-30522 * SECURITY UPDATE: Returning point past of the buffer - debian/patches/CVE-2022-30556.patch: use filters consitently in modules/lua/lua_request.c. - CVE-2022-30556 * SECURITY UPDATE: Bypass IP authentication - debian/patches/CVE-2022-31813.patch: to clear hop-by-hop first and fixup last in modules/proxy/proxy_util.c. - CVE-2022-31813 Checksums-Sha1: e0404d1ca0fa257a61bf00a850c47b3c6db88e71 3202384 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb d55c86825cc810835cb908dccd495dd05fe769df 1414076 apache2-bin_2.4.48-3.1ubuntu3.5_i386.deb 2f59166e8cfcb0efeb0856a6a8aff9c6ec333b99 187900 apache2-dev_2.4.48-3.1ubuntu3.5_i386.deb 09fd205a27520523c7c3d0ead233c46b1339f2fb 2980 apache2-ssl-dev_2.4.48-3.1ubuntu3.5_i386.deb bdaed245fbab86af54469b2533f3b4ea24850244 11596 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb 6121451b72e67d7c21526221a7884e07f7366781 16372 apache2-suexec-custom_2.4.48-3.1ubuntu3.5_i386.deb a289014ab49d01e3538307968a9d7bcd7a110164 10294 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb 2a5a053a0533e5085fd71db2513e9e4ef9897528 14714 apache2-suexec-pristine_2.4.48-3.1ubuntu3.5_i386.deb 95efdc485d4b02a883294db3c90ce64cf438a073 109540 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb 1f643ae40e5a4d60d31a22f7a5bbbb10a955acc2 93404 apache2-utils_2.4.48-3.1ubuntu3.5_i386.deb 15704b3d710f1616535dad68e41ecbb0bc33756e 11869 apache2_2.4.48-3.1ubuntu3.5_i386.buildinfo 0264c7f2dd9a9f2bb0e7da0f9da5b80589f775d0 97854 apache2_2.4.48-3.1ubuntu3.5_i386.deb 4f85b06c10648b828f7fdec81195587cd2cd108e 802 libapache2-mod-md_2.4.48-3.1ubuntu3.5_i386.deb 388d819c4638ab0e123c1258d78f5de7b5cd7c32 988 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.5_i386.deb Checksums-Sha256: 28c48ca2e1de3a63aaa42ff2932dfa98c54e1f314b571bc6afdb6ad2d1d53125 3202384 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb 974702d6ee65849de79fcbb30127925ce8a40cd65a26308baab4205699581804 1414076 apache2-bin_2.4.48-3.1ubuntu3.5_i386.deb c94c40c2fda8cd8876c29abf69b64e5d34a5364d2bba2768f8e848c77f9fcaa9 187900 apache2-dev_2.4.48-3.1ubuntu3.5_i386.deb 05e819a4869c514eef0e82d4459ca07ea49f79597ba42910ed232cec84c113d2 2980 apache2-ssl-dev_2.4.48-3.1ubuntu3.5_i386.deb da8f1ba99f8223fa05945381a0971429bb3e3f9058a7399f232221ca1699c7b1 11596 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb 6474a98e86bf0fb825c27987863fdd0824f375d477486c3f4fa18c7752bfc918 16372 apache2-suexec-custom_2.4.48-3.1ubuntu3.5_i386.deb 80b7187447bb26662949a5348a49ff416d845dc0d2032c8130cb8895e0ea6cab 10294 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb 63fbcfd2221d0e154e2c0fcc864740002f58ce9ff1cce693bc7d173e2c78756c 14714 apache2-suexec-pristine_2.4.48-3.1ubuntu3.5_i386.deb 652e9c90adbe651283abbd352dc227748fbf38516bd41cec4dfbcae7d270783d 109540 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb fd6f2e3c96bc662494a6ecd998b23db80f2cfb632483fc314d7d3c30b8cfb661 93404 apache2-utils_2.4.48-3.1ubuntu3.5_i386.deb 8e6e87a2f1c5a4caad2f354ae7ecb6e96cbcb416956a71b73c552318e2cb257c 11869 apache2_2.4.48-3.1ubuntu3.5_i386.buildinfo 3336c6caf9a3e89b0fcd4609091d5b404bc2356685bdc9f7f31bc1035174a16f 97854 apache2_2.4.48-3.1ubuntu3.5_i386.deb 5971d422bf939c87accd6c916b0246e7e50270f4c5c39e262db4465e6c9bf661 802 libapache2-mod-md_2.4.48-3.1ubuntu3.5_i386.deb 388153ccfe2c78de0105f4cb8e8bb881fd222def1b122607742746a3e1801e9d 988 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.5_i386.deb Files: dc2447bf1161a51a60758d1421970456 3202384 debug optional apache2-bin-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb bc2113adb355e4d012479a69919acb52 1414076 httpd optional apache2-bin_2.4.48-3.1ubuntu3.5_i386.deb a11da29dfe0d2736e621fc091c0e913f 187900 httpd optional apache2-dev_2.4.48-3.1ubuntu3.5_i386.deb 864e01dc96e23a28160dfd16f2f704dd 2980 httpd optional apache2-ssl-dev_2.4.48-3.1ubuntu3.5_i386.deb d5cb1dbe45ad7edf516daf589d065ab9 11596 debug optional apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb a52da501c10a353109a71465098ec922 16372 httpd optional apache2-suexec-custom_2.4.48-3.1ubuntu3.5_i386.deb 531a25d084cbbb3d37ea0558d7c53acf 10294 debug optional apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb 77a25e6707a9547475d1a7ce7e6fc23c 14714 httpd optional apache2-suexec-pristine_2.4.48-3.1ubuntu3.5_i386.deb 08fb81fe6e67b55d43a9bef00e47b68e 109540 debug optional apache2-utils-dbgsym_2.4.48-3.1ubuntu3.5_i386.ddeb 1af6fa28541f01050d7c83254dc9ed15 93404 httpd optional apache2-utils_2.4.48-3.1ubuntu3.5_i386.deb 291af8552621e62958ce382d2f36138b 11869 httpd optional apache2_2.4.48-3.1ubuntu3.5_i386.buildinfo ebc697ce1206a575eaae65eae17feaf4 97854 httpd optional apache2_2.4.48-3.1ubuntu3.5_i386.deb f65879041df3ef97f27434b0028300bb 802 oldlibs optional libapache2-mod-md_2.4.48-3.1ubuntu3.5_i386.deb be89481cc1adaf848c394c248cf38298 988 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.5_i386.deb Original-Maintainer: Debian Apache Maintainers