Format: 1.8
Date: Wed, 03 Apr 2019 14:31:46 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: s390x
Version: 2.4.38-2ubuntu2
Distribution: disco-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-s390x-020.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.38-2ubuntu2) disco; urgency=medium
 .
   * SECURITY UPDATE: read-after-free on a string compare in mod_http2
     - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
       request method in modules/http2/h2_request.c.
     - CVE-2019-0196
   * SECURITY UPDATE: privilege escalation from modules' scripts
     - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
       child to its slot number in include/scoreboard.h,
       server/mpm/event/event.c, server/mpm/prefork/prefork.c,
       server/mpm/worker/worker.c.
     - CVE-2019-0211
   * SECURITY UPDATE: mod_ssl access control bypass
     - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
       PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
     - CVE-2019-0215
   * SECURITY UPDATE: mod_auth_digest access control bypass
     - debian/patches/CVE-2019-0217.patch: fix a race condition in
       modules/aaa/mod_auth_digest.c.
     - CVE-2019-0217
   * SECURITY UPDATE: URL normalization inconsistincy
     - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
       the path in include/http_core.h, include/httpd.h, server/core.c,
       server/request.c, server/util.c.
     - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
       in server/request.c, server/util.c.
     - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
       server/util.c.
     - CVE-2019-0220
Checksums-Sha1:
 589c6ece61ec6ccd21150ca6c4b4840265831aa9 4771848 apache2-bin-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 1544dfe1d3790c8aa569cd60108c6b4c596909de 1050036 apache2-bin_2.4.38-2ubuntu2_s390x.deb
 f264a7b0cf5bc0630756f330e559f1475a90ace8 178920 apache2-dev_2.4.38-2ubuntu2_s390x.deb
 373ebbae51f849d3fa1a8a878dd67585684ba4e5 2396 apache2-ssl-dev_2.4.38-2ubuntu2_s390x.deb
 e12c565664f9cd184c25d793076ea3a3c53dbf30 12860 apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 468323f899dc3ca6cff11b757b0d8e0a02c004f5 15172 apache2-suexec-custom_2.4.38-2ubuntu2_s390x.deb
 4b5b579716f2d4037606393ef57af12be2d1e1d8 11588 apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 fb32ae6f281fdecbcc56f4fdaa9b06d2af6be008 13632 apache2-suexec-pristine_2.4.38-2ubuntu2_s390x.deb
 4bdaa86c056eba649c988a0c1ccf7934cc2cc3cd 140844 apache2-utils-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 6618c1f10f9faf8a28b915f554040e5647ea0d39 83944 apache2-utils_2.4.38-2ubuntu2_s390x.deb
 00dd94e8b2e9276a0c494f2f9080db9a5c2042db 10796 apache2_2.4.38-2ubuntu2_s390x.buildinfo
 6d5cd5b1ef37a2b5437e19d0c2f86c8ecd0c4dc3 95456 apache2_2.4.38-2ubuntu2_s390x.deb
 4ec7cc4cc13c02f2c0838d440c67444448af2a6b 988 libapache2-mod-md_2.4.38-2ubuntu2_s390x.deb
 77816ac0cfda83ebe8a8d91d0ce8eb2b09bcfb6f 1176 libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2_s390x.deb
Checksums-Sha256:
 70db610b67d449ce9eaf022a35d99d054b749922834349004f3e114def101bd4 4771848 apache2-bin-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 72b8be19717069ec4c3de29842f8d507fde2079af90ce2bc079a2774bcb6a0ec 1050036 apache2-bin_2.4.38-2ubuntu2_s390x.deb
 5305177afae52926ad9ab2727114b9df8e16eb65a0044e519cf6c11d9bced827 178920 apache2-dev_2.4.38-2ubuntu2_s390x.deb
 a9382b3d92cfe8b245ef9c0b8d87b0caae24ac999bd0f48f4f7279456ef1c45c 2396 apache2-ssl-dev_2.4.38-2ubuntu2_s390x.deb
 2260dd90b9246afcf17ebcf9050786c3ee7316b5575d30643237e7e313a8d325 12860 apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 1c701b5a3c65ca16948a44b29b929f2ff76d6b0de114496944acbe301da68f07 15172 apache2-suexec-custom_2.4.38-2ubuntu2_s390x.deb
 1043deb48eb1561939bf750a7b4b601838f88e20f506ae5dbd9e9184f5dcfb6e 11588 apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 f434c631cc9d874054270716f115a5249c2235ce8002fde22eca4b54df81bad0 13632 apache2-suexec-pristine_2.4.38-2ubuntu2_s390x.deb
 5968e06dad1f8b28b93da829a3749167d0ee62162ca111c889b5296d2515b143 140844 apache2-utils-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 7022b4bfda33abfa1305b248e6bec9bf65085813b0caf27138d60da37eb59f8f 83944 apache2-utils_2.4.38-2ubuntu2_s390x.deb
 d61562a5a9f1354880e4e8d3849b0b6c9a300f873fa8685bf791b4ea24a12164 10796 apache2_2.4.38-2ubuntu2_s390x.buildinfo
 7fb2971da495816224f2db31c057574d331e3ff3e5bc23d9d0fb4cb914a285dc 95456 apache2_2.4.38-2ubuntu2_s390x.deb
 1e5a62063b939caef19d3aa7e95b905e2abeb1b294645c2499ba65305bf20d7a 988 libapache2-mod-md_2.4.38-2ubuntu2_s390x.deb
 b734da2c8ea86b1ae6e7a4904241052768b924a69da1e7d0b531bebddd5ff6a9 1176 libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2_s390x.deb
Files:
 84ad0d123253c0cb4c5ff1f72646d17d 4771848 debug optional apache2-bin-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 2ef53e8db3345fb1c9398eedb3fba62c 1050036 httpd optional apache2-bin_2.4.38-2ubuntu2_s390x.deb
 c1969c05a71ba3c46c86156a5f0359aa 178920 httpd optional apache2-dev_2.4.38-2ubuntu2_s390x.deb
 674c3e80680e4a59a38b4d02981ccd96 2396 httpd optional apache2-ssl-dev_2.4.38-2ubuntu2_s390x.deb
 ccf6ceb199904550bc7673f20849ff78 12860 debug optional apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 64809b4a7bfac1314f7b47035404e4c6 15172 httpd optional apache2-suexec-custom_2.4.38-2ubuntu2_s390x.deb
 c1eafc9bef5b7a64940bd23830b85704 11588 debug optional apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 5f0262279eb751f25b3087e74af21d31 13632 httpd optional apache2-suexec-pristine_2.4.38-2ubuntu2_s390x.deb
 111bb2c3536057cb58866779367a4e9c 140844 debug optional apache2-utils-dbgsym_2.4.38-2ubuntu2_s390x.ddeb
 6335868eba07075a78803035dca187a3 83944 httpd optional apache2-utils_2.4.38-2ubuntu2_s390x.deb
 36c0725d6cd319532725620466f3db1e 10796 httpd optional apache2_2.4.38-2ubuntu2_s390x.buildinfo
 ef179502e72bc9358dd1fc675f37529d 95456 httpd optional apache2_2.4.38-2ubuntu2_s390x.deb
 4a50925103aec28b874ac9a05d61dd7d 988 oldlibs optional libapache2-mod-md_2.4.38-2ubuntu2_s390x.deb
 e14764931869d1d2809c38ecfdfbdf56 1176 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2_s390x.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>