Format: 1.8
Date: Tue, 15 May 2018 11:03:34 -0300
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: i386
Version: 2.4.33-3ubuntu1
Distribution: cosmic-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Andreas Hasenack
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Launchpad-Bugs-Fixed: 1770242
Changes:
 apache2 (2.4.33-3ubuntu1) cosmic; urgency=medium
 .
   * Merge with Debian unstable (LP: #1770242). Remaining changes:
     - debian/{control, apache2.install, apache2-utils.ufw.profile,
       apache2.dirs}: Add ufw profiles.
     - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
     - debian/patches/086_svn_cross_compiles: Backport several cross
       fixes from upstream
     - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
       Debian with Ubuntu on default page.
       + d/source/include-binaries: add Ubuntu icon file
     - d/t/control, d/t/check-http2: add basic test for http2 support
   * Drop:
     - SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
       + debian/patches/CVE-2017-15710.patch: fix language long names
         detection as short name in modules/aaa/mod_authnz_ldap.c.
       + CVE-2017-15710
     - SECURITY UPDATE: incorrect matching
       + debian/patches/CVE-2017-15715.patch: allow to configure
         global/default options for regexes, like caseless matching or
         extended format in include/ap_regex.h, server/core.c,
         server/util_pcre.c.
       + CVE-2017-15715
     - SECURITY UPDATE: mod_session header manipulation
       + debian/patches/CVE-2018-1283.patch: strip Session header when
         SessionEnv is on in modules/session/mod_session.c.
       + CVE-2018-1283
     - SECURITY UPDATE: DoS via specially-crafted request
       + debian/patches/CVE-2018-1301.patch: ensure that read lines are
         NUL terminated on any error, not only on buffer full in
         server/protocol.c.
       + CVE-2018-1301
     - SECURITY UPDATE: mod_cache_socache DoS
       + debian/patches/CVE-2018-1303.patch: fix caching of empty headers
         up to carriage return in modules/cache/mod_cache_socache.c.
       + CVE-2018-1303
     - SECURITY UPDATE: insecure nonce generation
       + debian/patches/CVE-2018-1312.patch: actually use the secret when
         generating nonces in modules/aaa/mod_auth_digest.c.
       + CVE-2018-1312
     - Correct systemd-sysv-generator behavior by customizing some
       parameters:
       + d/apache2-systemd.conf: add a drop-in file to specify some
         parameters for the systemd unit (type=Forking and
         RemainsAfterExit=no), this allow a correct state synchronisation
         between systemctl status and actual state of apache2 daemon.
       + d/apache2.install: place the apache2-systemd.conf file in the
         correct location.
       [type=Forking already in the base systemd service file, and
       RemainsAfterExit=no is the default value, so no need to customize
       these anymore.]
     - Avoid crashes, hangs and loops by fixing mod_ldap locking:
       (LP #1752683)
       + added debian/patches/util_ldap_cache_lock_fix.patch
       [Already applied upstream]
Original-Maintainer: Debian Apache Maintainers