Format: 1.8 Date: Wed, 08 Mar 2023 12:32:01 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: i386 Version: 2.4.52-1ubuntu4.4 Distribution: jammy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.52-1ubuntu4.4) jammy-security; urgency=medium . * SECURITY UPDATE: HTTP request splitting with mod_rewrite and mod_proxy - debian/patches/CVE-2023-25690-1.patch: don't forward invalid query strings in modules/http2/mod_proxy_http2.c, modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy_ajp.c, modules/proxy/mod_proxy_balancer.c, modules/proxy/mod_proxy_http.c, modules/proxy/mod_proxy_wstunnel.c. - debian/patches/CVE-2023-25690-2.patch: Fix missing APLOGNO in modules/http2/mod_proxy_http2.c. - CVE-2023-25690 * SECURITY UPDATE: mod_proxy_uwsgi HTTP response splitting - debian/patches/CVE-2023-27522.patch: stricter backend HTTP response parsing/validation in modules/proxy/mod_proxy_uwsgi.c. - CVE-2023-27522 Checksums-Sha1: 8ccb6844312dba12c0d6c2e95dafe3e255a83cb0 3235614 apache2-bin-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb cd70cacfab5906fb8bb27c439f1c3865441a35cf 1430832 apache2-bin_2.4.52-1ubuntu4.4_i386.deb 9fcc8c2f1d63a629e215288f2872a5ca5e153437 191010 apache2-dev_2.4.52-1ubuntu4.4_i386.deb b7941a7bc835a9b54a0ea8bcb2548d8c7039feaa 2984 apache2-ssl-dev_2.4.52-1ubuntu4.4_i386.deb 535bea2e1ac1aca988a0bf76272ed80797345f9f 11546 apache2-suexec-custom-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 151575b94c1c14ecec89fac8c840d32d8eb39f5e 16368 apache2-suexec-custom_2.4.52-1ubuntu4.4_i386.deb 3f81f1493340ba67ee9a262761e37bd8eae3c49c 10268 apache2-suexec-pristine-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb f8a3195784e4d01a8d3a7c26561722e9c62eb77a 14742 apache2-suexec-pristine_2.4.52-1ubuntu4.4_i386.deb b4765d474a5ad78c1604af5f51ac944708da578f 109460 apache2-utils-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 82bdef24e220cb53ff7496b7a6b22b997ebfd6ab 93494 apache2-utils_2.4.52-1ubuntu4.4_i386.deb 3ecaffad065c39d367a0fd0679d38f58ced71b95 11815 apache2_2.4.52-1ubuntu4.4_i386.buildinfo 04916fe8365a2ec0f4e1d29ed6be40e3f7fe7bdc 97850 apache2_2.4.52-1ubuntu4.4_i386.deb 1f8aa3c915b914dc1f808b6882b94cc70a21d6a4 804 libapache2-mod-md_2.4.52-1ubuntu4.4_i386.deb 1812e8a9b301ac66ac714f4c97401e97bf59e467 984 libapache2-mod-proxy-uwsgi_2.4.52-1ubuntu4.4_i386.deb Checksums-Sha256: c5550824787ab17645824022f52bf64b028ba3dbeb68bf06e3cea814e5937f4e 3235614 apache2-bin-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 532502689205b0451a763cf132c860c4423b5780e00460ce288f23e121efb4dd 1430832 apache2-bin_2.4.52-1ubuntu4.4_i386.deb 528d0da32f5edb81caa06f75ee8c5237f28a2a98fd2d90c3c185c663136d6f78 191010 apache2-dev_2.4.52-1ubuntu4.4_i386.deb 42b1f22ff8daf45ac053ebfc08c7a971d85960020e31d3713d029d213f082495 2984 apache2-ssl-dev_2.4.52-1ubuntu4.4_i386.deb f08f57b05e80bdd79e5d829d45d41ba80543922514423f44746135486879105d 11546 apache2-suexec-custom-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 91550457b22975d910ff60e2ea8b5d4fb9ebd30c702a30fc5c78b3a05e47febd 16368 apache2-suexec-custom_2.4.52-1ubuntu4.4_i386.deb ade99fae494dd5a20c7bc29a364a3221317eb35acf09f0599fa8f166750e85d0 10268 apache2-suexec-pristine-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 23b1d8efed02795b0484be25a90561c9990c4d0571e418088234e395827d9588 14742 apache2-suexec-pristine_2.4.52-1ubuntu4.4_i386.deb 1a0cd636a941756150d7d6aed823b39d574bc68ba8c9b1e138f0e24d07d59c14 109460 apache2-utils-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 922b5819a50b12fd081fa25610400127f8d3b462b1c4d3695a50ea079ad68419 93494 apache2-utils_2.4.52-1ubuntu4.4_i386.deb 1822500665793eafd4b981afe6635de87fb4c385df9488bbaa768bbdfb4a3cef 11815 apache2_2.4.52-1ubuntu4.4_i386.buildinfo 6deae875be1d616907aedaee05e09cbf52c4b9927eb4b615a0077595ef16125d 97850 apache2_2.4.52-1ubuntu4.4_i386.deb cdce54838d8cb4e722364c74a796e8eba2b66658163f048caaf3b5c2ad4c83a2 804 libapache2-mod-md_2.4.52-1ubuntu4.4_i386.deb 1fdbeb64566fd5df9ad3a249740b3a1914f1ab0dd8177aa277d5c6778b4a8a7d 984 libapache2-mod-proxy-uwsgi_2.4.52-1ubuntu4.4_i386.deb Files: 7d53da0fdecfe6d17dc7e3f030220e95 3235614 debug optional apache2-bin-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 9d64ee0cd61850250f589a89499cc117 1430832 httpd optional apache2-bin_2.4.52-1ubuntu4.4_i386.deb 26fa3c7e93c5bf58879dbf01f75a4bf3 191010 httpd optional apache2-dev_2.4.52-1ubuntu4.4_i386.deb f3250cf340071bc36ce709d5f0627d92 2984 httpd optional apache2-ssl-dev_2.4.52-1ubuntu4.4_i386.deb b2c7c47c948b1734c87ea7182abf6fb2 11546 debug optional apache2-suexec-custom-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 7548560928a30a5fa2c064cffe8f1837 16368 httpd optional apache2-suexec-custom_2.4.52-1ubuntu4.4_i386.deb b6127ce72cae59715a5f946541c1026f 10268 debug optional apache2-suexec-pristine-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 83f2ec3bbfd356c795257562a7f2e31a 14742 httpd optional apache2-suexec-pristine_2.4.52-1ubuntu4.4_i386.deb 954934ce14efc06064db1b3d6d6ee374 109460 debug optional apache2-utils-dbgsym_2.4.52-1ubuntu4.4_i386.ddeb 3d267c2cbecd32901d46987461faeaa1 93494 httpd optional apache2-utils_2.4.52-1ubuntu4.4_i386.deb 5625c9bd49b515f140042aa048d160ec 11815 httpd optional apache2_2.4.52-1ubuntu4.4_i386.buildinfo 915c441a6f44ccc813e15bc40ce62f81 97850 httpd optional apache2_2.4.52-1ubuntu4.4_i386.deb 544c8c7a04131fa81951d76b852f01ed 804 oldlibs optional libapache2-mod-md_2.4.52-1ubuntu4.4_i386.deb 065601217007c2908bfd30cc9aec663f 984 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.52-1ubuntu4.4_i386.deb Original-Maintainer: Debian Apache Maintainers