apache2 2.4.33-1 source package in Debian


apache2 (2.4.33-1) unstable; urgency=medium

  * New upstream version.
    Security fixes:
    - CVE-2017-15710
      Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
    - CVE-2018-1283
      mod_session: CGI-like applications that intend to read from mod_session's
      'SessionEnv ON' could be fooled into reading user-supplied data instead.
    - CVE-2018-1303
      mod_cache_socache: Fix request headers parsing to avoid a possible crash
      with specially crafted input data.
    - CVE-2018-1301
      core: Possible crash with excessively long HTTP request headers.
      Impractical to exploit with a production build and production LogLevel.
    - CVE-2017-15715
      core: Configure the regular expression engine to match '$' to the end of
      the input string only, excluding matching the end of any embedded
      newline characters. Behavior can be changed with new directive
    - CVE-2018-1312
      mod_auth_digest: Fix generation of nonce values to prevent replay
      attacks across servers using a common Digest domain. This change
      may cause problems if used with round robin load balancers. PR 54637
    - CVE-2018-1302
      mod_http2: Potential crash w/ mod_http2.

    - mod_proxy_uwsgi: New UWSGI proxy submodule.
    - mod_md: New experimental module for managing domains across virtual
      hosts, implementing the Let's Encrypt ACMEv1 protocol to signup and
      renew certificates.
    - core: silently ignore a non-existent file path when IncludeOptional
      is used. Closes: #878920
    - mod_ldap: Avoid possible crashes, hangs, and busy loops. Closes: #814980

  * Fix lintian warnings:
    - Include SupportApache-small.png in apache2-doc package instead of
      linking to apache.org, to avoid privacy issues.
    - Use /usr/share/dpkg/architecture.mk instead of setting DEB_*_GNU_TYPE
    - Remove deprecated use of autotools_dev with dh.
    - Add some overrides
  * Bump standards-version to 4.1.2 (no changes)

 -- Stefan Fritsch <email address hidden>  Fri, 30 Mar 2018 22:53:13 +0200

Upload details

Uploaded by: Debian Apache Maintainers on 2018-03-31
Original maintainer: Debian Apache Maintainers
Architectures: any all
Urgency: Medium Urgency


File Size SHA-256 Checksum
apache2_2.4.33-1.dsc 3.3 KiB 4d07b2a9dd01e9bc855f60e008812e1f6f92a6b6450403e7688479209d8459a2
apache2_2.4.33.orig.tar.bz2 6.6 MiB de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05
apache2_2.4.33.orig.tar.bz2.asc 473 bytes 992f2929e0e4a4e353601abaa1fec016a75af2ee8e06740e41ae4b7924b70bbd
apache2_2.4.33-1.debian.tar.xz 767.2 KiB 2bcd0783ca1853a43b569e96c200c355b7236af8a57fb3fb529b56bd9cf4e199
