Format: 1.8
Date: Wed, 10 Apr 2024 13:46:26 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: amd64 all
Version: 2.4.41-4ubuntu3.17
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy02-amd64-041.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.41-4ubuntu3.17) focal-security; urgency=medium
 .
   * SECURITY UPDATE: HTTP response splitting
     - debian/patches/CVE-2023-38709.patch: header validation after
       content-* are eval'ed in modules/http/http_filters.c.
     - CVE-2023-38709
   * SECURITY UPDATE: HTTP Response Splitting in multiple modules
     - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for
       non-http handlers in include/util_script.h,
       modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c,
       modules/generators/mod_cgid.c, modules/http/http_filters.c,
       modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c,
       modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c.
     - CVE-2024-24795
   * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless
     continuation frames
     - debian/patches/CVE-2024-27316.patch: bail after too many failed reads
       in modules/http2/h2_session.c, modules/http2/h2_stream.c,
       modules/http2/h2_stream.h.
     - CVE-2024-27316
Checksums-Sha1:
 89eb85181b965ba8be7636f06a75a49c9ff9efcc 4839704 apache2-bin-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 f91a3c3fea848616761b553ed1b000f11d6a34bc 1187192 apache2-bin_2.4.41-4ubuntu3.17_amd64.deb
 d60b435787116bf5f3f58a79d80260e5ff55765d 158492 apache2-data_2.4.41-4ubuntu3.17_all.deb
 b3eb9ad6b28799ae4fbf8b749bdac490c1a6bf83 179556 apache2-dev_2.4.41-4ubuntu3.17_amd64.deb
 8c0ca2db557b9b08b2812c83c81a08043f48e635 3848160 apache2-doc_2.4.41-4ubuntu3.17_all.deb
 98984444bda40523e231a6f10432975214e06698 3156 apache2-ssl-dev_2.4.41-4ubuntu3.17_amd64.deb
 1a40f4d87c8eff04148899ec62079e73afd243a8 12964 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 471dc78c79e9a19d0ce3a88855add877220a128d 15624 apache2-suexec-custom_2.4.41-4ubuntu3.17_amd64.deb
 7f356002a5e83918398d4dfa3b28cbc56dfde264 11748 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 5c3e25d739064e36294e9815ef9d50d7e5b45dc6 14032 apache2-suexec-pristine_2.4.41-4ubuntu3.17_amd64.deb
 35e6ebd31dc6717f882fa2e444a59447de80b230 138620 apache2-utils-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 7daeaa7a8dd083f2fb6cb33af37a8c0f1b7fdfde 84144 apache2-utils_2.4.41-4ubuntu3.17_amd64.deb
 f689397d8eb195a1d5c495d388cf8d5872ccd5ca 12641 apache2_2.4.41-4ubuntu3.17_amd64.buildinfo
 c2d1f1463d6b2b9f9c22c26cef2308e4beb317ad 95512 apache2_2.4.41-4ubuntu3.17_amd64.deb
 267d0a87f9fde7d4069dd66cdb674f7861d80c5c 992 libapache2-mod-md_2.4.41-4ubuntu3.17_amd64.deb
 7cd56f99b85f08d7513a98816cbc83e15ef9b1bc 1180 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.17_amd64.deb
Checksums-Sha256:
 88a8f9e48398647010da6135bb634c7bd9d1f7b30f499305028ec5cfc4efdfbf 4839704 apache2-bin-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 9b4eaf275c95f6c66408a5d1967f625088bed62a2729d4bcaee6fe4cbe7af6b8 1187192 apache2-bin_2.4.41-4ubuntu3.17_amd64.deb
 e71ae8052c28c1864b97bf0c818425624e422202d7293f3e3feea15610d49556 158492 apache2-data_2.4.41-4ubuntu3.17_all.deb
 0831bd9d9cc8b940ceaddbe0ea39964144dbd022784b240c75c91129b4411981 179556 apache2-dev_2.4.41-4ubuntu3.17_amd64.deb
 1e0b3ed8b943ec4870568704753bcc6cee2faa8b53ea5e4f0584c88e89f43f3f 3848160 apache2-doc_2.4.41-4ubuntu3.17_all.deb
 dc79e297427e49e02422b5fdec6917243c4fe7dddb11895dfa556820787268f3 3156 apache2-ssl-dev_2.4.41-4ubuntu3.17_amd64.deb
 1e1538e1457eebf04a27d82bd3556632b77484cf2979e5d29dd596b6323824cb 12964 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 1853b219a015c294c7c6505918113063ef7ec66dace846c6776851f63db5d2c6 15624 apache2-suexec-custom_2.4.41-4ubuntu3.17_amd64.deb
 52b013db6ce096741a91091ebc994f474fb679e6f37001ac1470f0a70447fb1f 11748 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 26e29284416208c7cb71bc88888397227c8b06f140709d486da9f61ff64c4ff6 14032 apache2-suexec-pristine_2.4.41-4ubuntu3.17_amd64.deb
 aa6ce735b491f4f255e98b91d895d1a07caa1e0b0223a1b2e5b0fd2b981f65e6 138620 apache2-utils-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 733f4efbdbe80bfc767e17fd73f63c2b34d61ec11397eac95bda5b294bfc2b96 84144 apache2-utils_2.4.41-4ubuntu3.17_amd64.deb
 9272fac7dea703ca04330a9fe20c6e82b1888adc4cac27856a1328e42e0b1e0d 12641 apache2_2.4.41-4ubuntu3.17_amd64.buildinfo
 690d9b82256c16482df2e0d4ad023c1a14695c7dc8582541a8a67d390ddc7240 95512 apache2_2.4.41-4ubuntu3.17_amd64.deb
 15548e5a78ec29cbfd6c1b9386c93595baf1992bb6075b54efe0d50cec0f9229 992 libapache2-mod-md_2.4.41-4ubuntu3.17_amd64.deb
 a6a8ec87adf43cade1ecde0a894c6c1cea1fb2fb817d1c6864c1bfaa8b960937 1180 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.17_amd64.deb
Files:
 ab2fa149f2306d890609d9afee3f3c20 4839704 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 e39f90ec44490c3c14d84c97c2ea8220 1187192 httpd optional apache2-bin_2.4.41-4ubuntu3.17_amd64.deb
 48329641ce6e73f900ac50b470329d61 158492 httpd optional apache2-data_2.4.41-4ubuntu3.17_all.deb
 bca7a8fff20a15b2f8a29390301c4b97 179556 httpd optional apache2-dev_2.4.41-4ubuntu3.17_amd64.deb
 a1a9ec7c7e3820514f7af29a73845aae 3848160 doc optional apache2-doc_2.4.41-4ubuntu3.17_all.deb
 185917f1589ffab8e4c30763aeb77894 3156 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.17_amd64.deb
 1ba5708bab5c1aa4c110f825072a1bed 12964 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 829b18126b85d5edf9f2de12dc2149c9 15624 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.17_amd64.deb
 6aec0015b9be084cb39b08f9826ed02e 11748 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 62e1ae27378cf97a55fc6f7c143bf9db 14032 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.17_amd64.deb
 91dd01b22fe7f5dfa40e1b3b68950970 138620 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.17_amd64.ddeb
 cbb61e7002f42bfb3fc39169ee6c2cac 84144 httpd optional apache2-utils_2.4.41-4ubuntu3.17_amd64.deb
 591f41da1574b893b877e09f96564f0b 12641 httpd optional apache2_2.4.41-4ubuntu3.17_amd64.buildinfo
 c00205779a5b56ec796a6c504a20bddb 95512 httpd optional apache2_2.4.41-4ubuntu3.17_amd64.deb
 b157459d08d15b4baad3df83dc484b4e 992 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.17_amd64.deb
 63621fd65e8fe5768f75886f9a8f889b 1180 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.17_amd64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>