Format: 1.8
Date: Tue, 14 Jun 2022 10:30:55 -0300
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: i386
Version: 2.4.41-4ubuntu3.12
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy02-amd64-108.buildd>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.41-4ubuntu3.12) focal-security; urgency=medium
 .
   * SECURITY UPDATE: HTTP Request Smuggling
     - debian/patches/CVE-2022-26377.patch: changing
       precedence between T-E and C-L in modules/proxy/mod_proxy_ajp.c.
     - CVE-2022-26377
   * SECURITY UPDATE: Read beyond bounds
     - debian/patches/CVE-2022-28614.patch: handle large
       writes in ap_rputs.
       in server/util.c.
     - CVE-2022-28614
   * SECURITY UPDATE: Read beyond bounds
     - debian/patches/CVE-2022-28615.patch: fix types
       in server/util.c.
     - CVE-2022-28615
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2022-29404.patch: cast first
       in modules/lua/lua_request.c.
     - CVE-2022-29404
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2022-30522.patch: limit mod_sed
       memory use in modules/filters/mod_sec.c,
       modules/filters/sed1.c.
     - CVE-2022-30522
   * SECURITY UPDATE: Returning point past of the buffer
     - debian/patches/CVE-2022-30556.patch: use filters consistently
       in modules/lua/lua_request.c.
     - CVE-2022-30556
   * SECURITY UPDATE: Bypass IP authentication
     - debian/patches/CVE-2022-31813.patch: to clear
       hop-by-hop first and fixup last in modules/proxy/proxy_util.c.
     - CVE-2022-31813
Checksums-Sha1:
 852d5265140e37ebaf9c55b148755d0fcb003b61 4334584 apache2-bin-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 067471af90f5859e4b20d7dff40a4b4bc1d2d5ea 1252132 apache2-bin_2.4.41-4ubuntu3.12_i386.deb
 61882afe47fc8e35c5b02a197e3584567b0bcfc4 179640 apache2-dev_2.4.41-4ubuntu3.12_i386.deb
 040d98be420b6cdfaec6eb0fc72516d67dd4928a 3156 apache2-ssl-dev_2.4.41-4ubuntu3.12_i386.deb
 80eb1b362791d3e9755fb894cb547ea48fcadb54 11896 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 3d188195b3cd53bd95ef70d379de0fe38a2c2bc7 15560 apache2-suexec-custom_2.4.41-4ubuntu3.12_i386.deb
 f123654f1ac180e1e9cba31ae2bd0eebce1b13d1 10700 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 6b07ac2a78514f1c64022da0426c71ad290d446c 14024 apache2-suexec-pristine_2.4.41-4ubuntu3.12_i386.deb
 afd6171c2e563a6e8ac8ca80427818975d93c00f 131164 apache2-utils-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 c7f958e6b44ac293efc5a922891c23d58eee34e0 89108 apache2-utils_2.4.41-4ubuntu3.12_i386.deb
 8ce38a0360f7cbc8addb86a2e28704b36865d778 11869 apache2_2.4.41-4ubuntu3.12_i386.buildinfo
 51f7fda03533d60fc486d538cc0a92d9e2cc4c4e 95592 apache2_2.4.41-4ubuntu3.12_i386.deb
 133ce3b0627143e20b6b752972641efe8702c174 988 libapache2-mod-md_2.4.41-4ubuntu3.12_i386.deb
 e029f266b8363e5965a781b2d18499c4a7ab2d0e 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.12_i386.deb
Checksums-Sha256:
 92d90bc603db8b2fbaaeaa7cc1b4bfa8ac604f54b87ac749e1b1b4c3d8c2acbf 4334584 apache2-bin-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 d36f414e002434925ef64a1b09aba5208af1f41e166f7a2b32924733bd637c03 1252132 apache2-bin_2.4.41-4ubuntu3.12_i386.deb
 da5de324c4fc2e73dbc89fa68711bee0caa770a8244675c06527c3d64777ff66 179640 apache2-dev_2.4.41-4ubuntu3.12_i386.deb
 57dff6eed1141d45f233e036e205ef8ba62994627af1f0ca1f03f87de0dc9fc4 3156 apache2-ssl-dev_2.4.41-4ubuntu3.12_i386.deb
 49a25cd1704446a955949009e14b575a5dd2098068c6080087f2c016a9182be4 11896 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 77a92c050d23962aad9a350493c830dd7d0ee62749774504b25a705d760a78e5 15560 apache2-suexec-custom_2.4.41-4ubuntu3.12_i386.deb
 500ccaa69d09ac9253255299b585639ba576b511ef26faea3bb92ba9fb03d2af 10700 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 6b8f736771772af0212ac06fec10b2e59055e99c7eaf0294edc107d5dd81427e 14024 apache2-suexec-pristine_2.4.41-4ubuntu3.12_i386.deb
 19b36a9c448d636eca54ad6d9089e4f014aa9d1da5f39c0bad5b7e7032a81fcd 131164 apache2-utils-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 fda9c25e5317c8298860292a68589ce9e7bbe1dacf27783e6f0619ac1fe5d122 89108 apache2-utils_2.4.41-4ubuntu3.12_i386.deb
 22bec431e036e7738fa95a5fe0deed7ea22ca706df8c3bdf199c80933ce561d9 11869 apache2_2.4.41-4ubuntu3.12_i386.buildinfo
 873b0ef61427853f99b3e7fc2d687748456260522c23901f942ee958adba0005 95592 apache2_2.4.41-4ubuntu3.12_i386.deb
 d20eff60d7ba083936c585c4a557e0f0b2d7b008fcb610bb22d0a742acc67ff6 988 libapache2-mod-md_2.4.41-4ubuntu3.12_i386.deb
 de1ef8d1f32a7da991b5007f005182988cc7ba1f88dcec07326cbfed16ad4812 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.12_i386.deb
Files:
 87aeeb2bb7594a2578120c25c72496c5 4334584 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 e253770b0bcd7779d53672f7f09b7aa0 1252132 httpd optional apache2-bin_2.4.41-4ubuntu3.12_i386.deb
 fc37a51a054ef79bf3fc402b060ad9ad 179640 httpd optional apache2-dev_2.4.41-4ubuntu3.12_i386.deb
 8a6cefacc99e14f74006782be6b43473 3156 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.12_i386.deb
 d45dd46a2d3c1d7173d7b0ed183d5d90 11896 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 6e60db3263395ee37d8ddd7d22aa32a8 15560 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.12_i386.deb
 934b774081bfaef2ad570ba2ea53209d 10700 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 b49bd8d77f2e8c3f2022c8f770721ec9 14024 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.12_i386.deb
 7535cc54e96751f3406e72a426e5d86f 131164 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.12_i386.ddeb
 60349360101c81709116a8a2ade85da5 89108 httpd optional apache2-utils_2.4.41-4ubuntu3.12_i386.deb
 dee0b4186e8817c35f298da6e4cc012d 11869 httpd optional apache2_2.4.41-4ubuntu3.12_i386.buildinfo
 fdd1a7fef24fc9292cbd17e4e176afe6 95592 httpd optional apache2_2.4.41-4ubuntu3.12_i386.deb
 905769aa3d8f05cbb8dc81dc0d6a5f95 988 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.12_i386.deb
 63a34947f28c1dfe28dbd87a89da6640 1184 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.12_i386.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>