Format: 1.8
Date: Thu, 17 Jun 2021 13:09:41 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Built-For-Profiles: noudeb
Architecture: amd64 all
Version: 2.4.46-4ubuntu2
Distribution: impish-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-030.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.46-4ubuntu2) impish; urgency=medium
 .
   * SECURITY UPDATE: mod_proxy_http denial of service.
     - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
       connection in modules/proxy/mod_proxy_http.c.
     - CVE-2020-13950
   * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
     - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
       base64 to fail early if the format can't match anyway in
       modules/aaa/mod_auth_digest.c.
     - CVE-2020-35452
   * SECURITY UPDATE: DoS via cookie header in mod_session
     - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
       session_identity_decode() in modules/session/mod_session.c.
     - CVE-2021-26690
   * SECURITY UPDATE: heap overflow via SessionHeader
     - debian/patches/CVE-2021-26691.patch: account for the '&' in
       identity_concat() in modules/session/mod_session.c.
     - CVE-2021-26691
   * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
     - debian/patches/CVE-2021-30641.patch: change default behavior in
       server/request.c.
     - CVE-2021-30641
Checksums-Sha1:
 ec9dd1d2598274b970a4063025997713285dd50b 3303072 apache2-bin-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 70040dec1cd243288c613d4bdd821a5ee91c8c46 1200532 apache2-bin_2.4.46-4ubuntu2_amd64.deb
 c72106ed49820586ee1d1222fd24a1671690fe76 158476 apache2-data_2.4.46-4ubuntu2_all.deb
 967d5790cac7baa53d15d6fe1dae5abbc7a15784 179452 apache2-dev_2.4.46-4ubuntu2_amd64.deb
 4e3ed8e7f8babe69585f630c36d914c066d40114 3862672 apache2-doc_2.4.46-4ubuntu2_all.deb
 ed593f06d3bf44a99cd7c945730a470bfd33226f 3164 apache2-ssl-dev_2.4.46-4ubuntu2_amd64.deb
 2fd9d0dd63a4ba43748883303e7d0114685705fe 12420 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 7b69cdabf23c49c62ec763ec0c3e89e94cbff865 15556 apache2-suexec-custom_2.4.46-4ubuntu2_amd64.deb
 d6afd76bc20763e3f323d49ad231638299d9adfe 11172 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 16e2ff3947ba18f01160b615975a4a1eecbd7db0 14040 apache2-suexec-pristine_2.4.46-4ubuntu2_amd64.deb
 85685bd687e4133db46fe2b364cf01382020c47f 116616 apache2-utils-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 1665446e477bcbf81c9be4db4ff8b4e25ab6bbd3 84548 apache2-utils_2.4.46-4ubuntu2_amd64.deb
 862fe467d4639ced43c2d97ce59e3f805a6e19bc 12380 apache2_2.4.46-4ubuntu2_amd64.buildinfo
 bc4bcdd157d29d331954a447ef7d342685449825 95860 apache2_2.4.46-4ubuntu2_amd64.deb
 0fb7f2b0f91fae5159b6929b3011af4d132c6283 996 libapache2-mod-md_2.4.46-4ubuntu2_amd64.deb
 b8e795c2c29b8d4ecda282bc43d586bf0d93ded4 1176 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu2_amd64.deb
Checksums-Sha256:
 2bc680be78be34f362da8b31beb84261454fe7f4d915c511ffbcca4d9dcb40ce 3303072 apache2-bin-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 ef1395d52e30f612095de46a84bf0af7fc27617875cc503e8099e6e35ed80d25 1200532 apache2-bin_2.4.46-4ubuntu2_amd64.deb
 440ec2192fdcd0056c57cbe0c9e52ac2ffc487bc4ae47a4394ccd94392949dc6 158476 apache2-data_2.4.46-4ubuntu2_all.deb
 e4099f971a2c5fec1087e2e8627cc818b4a73791419148accb238a5a47c8c063 179452 apache2-dev_2.4.46-4ubuntu2_amd64.deb
 559b7e0a9cf10e9f478b5f39e5924ebfe221288309db7d20b706fb68a92ec599 3862672 apache2-doc_2.4.46-4ubuntu2_all.deb
 2329ac6e26ebfc6d39cb93de22280b5f2b79d443336642c4db6e0ca4e8fe8c21 3164 apache2-ssl-dev_2.4.46-4ubuntu2_amd64.deb
 2cfe584efdcecd77bdd226c0c0e378aeb4e2cc0f5a9f72a9d706a91007b19239 12420 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 419b2a8a45bdaa272bd59f35031197507b1fd69408c8c37b7bd0a97fa43dfe95 15556 apache2-suexec-custom_2.4.46-4ubuntu2_amd64.deb
 d8d19c5f383738d8cd9c1944590eb97d54667c325b456742b8eda9006c7b6da2 11172 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 61f5cdb2c14db085fc1c196aea7f5766e89d5194ddfd29850f69075efaece138 14040 apache2-suexec-pristine_2.4.46-4ubuntu2_amd64.deb
 25696c0ccb9202c6272ccb8dc64f0ae5c7b9ee2a5cf1e871a348274d49c107da 116616 apache2-utils-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 65d054ea8ae7eded19b7fa457e2ae9b6d18325506e2d85c1be485f715b934e6c 84548 apache2-utils_2.4.46-4ubuntu2_amd64.deb
 c43f63d2430a04103725620badcd181246fc36d02b7c70184d4ff3f1f2ed260f 12380 apache2_2.4.46-4ubuntu2_amd64.buildinfo
 c593cd377554244c1a328f95b41f42d173b1dc7d443428886c313a481a8d4673 95860 apache2_2.4.46-4ubuntu2_amd64.deb
 676d4d9ffcac39529a580f248c60429c3f39c47b285da2d2d9f4f46ab808d88c 996 libapache2-mod-md_2.4.46-4ubuntu2_amd64.deb
 6afe181aeb1b760e56ca0037f8194a846a0641c561ea0b26c7261c025e0fc5ad 1176 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu2_amd64.deb
Files:
 a37899a782b98223b784058519778e3a 3303072 debug optional apache2-bin-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 4f71d2145d779d1e5ac07dac2b22571f 1200532 httpd optional apache2-bin_2.4.46-4ubuntu2_amd64.deb
 0f6dfb697c48931adab6fdfddabb2989 158476 httpd optional apache2-data_2.4.46-4ubuntu2_all.deb
 b84cb57af977165e9b7f6d07e4157de2 179452 httpd optional apache2-dev_2.4.46-4ubuntu2_amd64.deb
 ea6d3f174d52f2e2d23f504740f7a639 3862672 doc optional apache2-doc_2.4.46-4ubuntu2_all.deb
 56a4e19c4624d9d792f545ff0b94be79 3164 httpd optional apache2-ssl-dev_2.4.46-4ubuntu2_amd64.deb
 be6d01b66c16036a7cd69c494684ac2e 12420 debug optional apache2-suexec-custom-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 29239de1f7d0680b537b8200d3412b47 15556 httpd optional apache2-suexec-custom_2.4.46-4ubuntu2_amd64.deb
 413d39c49b2619bb4eb27e8b85f37a9f 11172 debug optional apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 592692a9b6656975e55072adb4074ded 14040 httpd optional apache2-suexec-pristine_2.4.46-4ubuntu2_amd64.deb
 79f4b40c6647cd8cc12597a509ff66fb 116616 debug optional apache2-utils-dbgsym_2.4.46-4ubuntu2_amd64.ddeb
 3eff2cc9207f7dc83ce34b4280af9167 84548 httpd optional apache2-utils_2.4.46-4ubuntu2_amd64.deb
 1416174f8017e08d8b1332c83e749584 12380 httpd optional apache2_2.4.46-4ubuntu2_amd64.buildinfo
 5125c83479522f0880b86edbbc92b168 95860 httpd optional apache2_2.4.46-4ubuntu2_amd64.deb
 7e4542715400ab16d7421943373b9159 996 oldlibs optional libapache2-mod-md_2.4.46-4ubuntu2_amd64.deb
 8593953bed61a3c4a183f62d5a3f68cc 1176 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu2_amd64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>