Format: 1.8 Date: Wed, 08 Mar 2023 12:32:01 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: arm64 Version: 2.4.52-1ubuntu4.4 Distribution: jammy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.52-1ubuntu4.4) jammy-security; urgency=medium . * SECURITY UPDATE: HTTP request splitting with mod_rewrite and mod_proxy - debian/patches/CVE-2023-25690-1.patch: don't forward invalid query strings in modules/http2/mod_proxy_http2.c, modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy_ajp.c, modules/proxy/mod_proxy_balancer.c, modules/proxy/mod_proxy_http.c, modules/proxy/mod_proxy_wstunnel.c. - debian/patches/CVE-2023-25690-2.patch: Fix missing APLOGNO in modules/http2/mod_proxy_http2.c. - CVE-2023-25690 * SECURITY UPDATE: mod_proxy_uwsgi HTTP response splitting - debian/patches/CVE-2023-27522.patch: stricter backend HTTP response parsing/validation in modules/proxy/mod_proxy_uwsgi.c. - CVE-2023-27522 Checksums-Sha1: 16ac618d03946e507c66812a09001b8998760e6e 3930188 apache2-bin-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb d35a78dbbb8364622af3d1cbe8fd46fb7bd3c207 1301310 apache2-bin_2.4.52-1ubuntu4.4_arm64.deb 0da8f09ca5152b8d3c1b8527bd6e189eece47ca6 191020 apache2-dev_2.4.52-1ubuntu4.4_arm64.deb 29c22c7771cbbea0c61596e96fda5fb3b9adac5a 2982 apache2-ssl-dev_2.4.52-1ubuntu4.4_arm64.deb 598dc5e8eefce76a62f0d782cbfdeaa84d69eec9 12856 apache2-suexec-custom-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb 851a3c74ddf765bf767143ea119836eefa01d549 16148 apache2-suexec-custom_2.4.52-1ubuntu4.4_arm64.deb b43d4c5d392ee0622a2e5f5f450c9c555df32b25 11564 apache2-suexec-pristine-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb 0345f35e377342dc1f377a87007d798c9249e749 14602 apache2-suexec-pristine_2.4.52-1ubuntu4.4_arm64.deb d3ca942dad59c74fa8666a979cc4cf825a005a74 120982 apache2-utils-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb 7f12b7a8e743d7f9ac7387cdcc503e63b1b150b1 88110 apache2-utils_2.4.52-1ubuntu4.4_arm64.deb f00e1037c25cf9d11689102f265de4331d487f61 11931 apache2_2.4.52-1ubuntu4.4_arm64.buildinfo 638dc9efaff0792d9868322000e988c8f7500061 97850 apache2_2.4.52-1ubuntu4.4_arm64.deb 6f4515f583b8a42a1d157a9ec8a4a8ea414fd20a 804 libapache2-mod-md_2.4.52-1ubuntu4.4_arm64.deb c995ac6a33772eed69a7a060f92f0b795d3a99e5 984 libapache2-mod-proxy-uwsgi_2.4.52-1ubuntu4.4_arm64.deb Checksums-Sha256: 070275b25509411299bcbd36a16a1ca658abb2fb398df40d2bb0004d1c004ef3 3930188 apache2-bin-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb 68fb667f6b843a08d9ca47e00703769cb755f095db47a12581d12716aa257ade 1301310 apache2-bin_2.4.52-1ubuntu4.4_arm64.deb 32c0ec8ba043ea4ff94ec7e960eab6b6357033f2b17744e09274aacc365b4ad5 191020 apache2-dev_2.4.52-1ubuntu4.4_arm64.deb 56ad93907e653fbd7661210812b0c2b503327d339f91d641f7882c3deb3843cd 2982 apache2-ssl-dev_2.4.52-1ubuntu4.4_arm64.deb a6aa46f64780fd1c9ab63305aaf90c0e0a96cea38aac9131343d3bdb385b87a1 12856 apache2-suexec-custom-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb 5da4a8d6dd00e3dd79dd1f497decdc2097f3dee8252792fe8e2defb0043ed659 16148 apache2-suexec-custom_2.4.52-1ubuntu4.4_arm64.deb 8a4b74c94b562cb3231fdfd13fd812d38de27c1d5e5f29e7dc9460c4379d57de 11564 apache2-suexec-pristine-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb 6b426d08281b42519c38c06f743ef5ddfb5790c88dfc1d769c62101e5d40b4bc 14602 apache2-suexec-pristine_2.4.52-1ubuntu4.4_arm64.deb d58ac6e0551813f8066733cd52941d58e572fbe0e5f0f75a59754e1108dfe064 120982 apache2-utils-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb 40fb9e33579733982bc1f9161e628d967666249b6fd7ac18e06a44d041437830 88110 apache2-utils_2.4.52-1ubuntu4.4_arm64.deb 82139d120d155eaca94ba31cd031bb0836668c55d2d161afdd7fa4eb7f73d67c 11931 apache2_2.4.52-1ubuntu4.4_arm64.buildinfo 1675e82248aef1097fd6dddf56082e62609c840bb99bc4b173ee07ad1f40334f 97850 apache2_2.4.52-1ubuntu4.4_arm64.deb cbea6c32c867dca9838226fdb255eee53c030a765f444eb78b63bd9a359b377b 804 libapache2-mod-md_2.4.52-1ubuntu4.4_arm64.deb 5d4a9b567e24ac9c7e408741949e4f08a2b76d2678017d19ee337e06e6f0bcc5 984 libapache2-mod-proxy-uwsgi_2.4.52-1ubuntu4.4_arm64.deb Files: df242b9720e8c7020857edadb0c93471 3930188 debug optional apache2-bin-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb fb4985bb2ea3ed1f6f6ab0d1732d23a5 1301310 httpd optional apache2-bin_2.4.52-1ubuntu4.4_arm64.deb bce865603d3b80188ea694a932868cb7 191020 httpd optional apache2-dev_2.4.52-1ubuntu4.4_arm64.deb 46fcf18a0b29f5e89990d5337a11c2b4 2982 httpd optional apache2-ssl-dev_2.4.52-1ubuntu4.4_arm64.deb fe3e258d32c503efc248e6fb03da2c29 12856 debug optional apache2-suexec-custom-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb c7d3618c1cb2e5be45745829f246caca 16148 httpd optional apache2-suexec-custom_2.4.52-1ubuntu4.4_arm64.deb fd9c48b35d3893d9506b2167aca1e648 11564 debug optional apache2-suexec-pristine-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb 4bee544bcc9f6875ccc60c65c0566a7e 14602 httpd optional apache2-suexec-pristine_2.4.52-1ubuntu4.4_arm64.deb 39520af6ff3a3b3990893903ca63011a 120982 debug optional apache2-utils-dbgsym_2.4.52-1ubuntu4.4_arm64.ddeb d76b6977a94ccb1bc82eb0f9364842f2 88110 httpd optional apache2-utils_2.4.52-1ubuntu4.4_arm64.deb 520ba7b240d5c9c761d9279c6b79046d 11931 httpd optional apache2_2.4.52-1ubuntu4.4_arm64.buildinfo 26cc57432ed91a6c3a4007b8e682fdb6 97850 httpd optional apache2_2.4.52-1ubuntu4.4_arm64.deb 4ab34b07b1cf143ef8efdd08fdc1fa31 804 oldlibs optional libapache2-mod-md_2.4.52-1ubuntu4.4_arm64.deb 124915e0299fff81e9de58ef6145d85a 984 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.52-1ubuntu4.4_arm64.deb Original-Maintainer: Debian Apache Maintainers