Format: 1.8
Date: Thu, 17 Jun 2021 13:09:41 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Built-For-Profiles: noudeb
Architecture: s390x
Version: 2.4.46-4ubuntu2
Distribution: impish-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-s390x-012.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.46-4ubuntu2) impish; urgency=medium
 .
   * SECURITY UPDATE: mod_proxy_http denial of service.
     - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
       connection in modules/proxy/mod_proxy_http.c.
     - CVE-2020-13950
   * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
     - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
       base64 to fail early if the format can't match anyway in
       modules/aaa/mod_auth_digest.c.
     - CVE-2020-35452
   * SECURITY UPDATE: DoS via cookie header in mod_session
     - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
       session_identity_decode() in modules/session/mod_session.c.
     - CVE-2021-26690
   * SECURITY UPDATE: heap overflow via SessionHeader
     - debian/patches/CVE-2021-26691.patch: account for the '&' in
       identity_concat() in modules/session/mod_session.c.
     - CVE-2021-26691
   * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
     - debian/patches/CVE-2021-30641.patch: change default behavior in
       server/request.c.
     - CVE-2021-30641
Checksums-Sha1:
 9a0686f3ec1474977248c6015ffde8bc8da6c41e 4053792 apache2-bin-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 8316d405fb76ad9c46b87c5422ffe5308b86d00c 1211996 apache2-bin_2.4.46-4ubuntu2_s390x.deb
 07373746436cb8ad64577b154851941932104f9e 179444 apache2-dev_2.4.46-4ubuntu2_s390x.deb
 0607643b4fa1824004bfac452fa3eda2126b96da 3164 apache2-ssl-dev_2.4.46-4ubuntu2_s390x.deb
 b6ba9ff7503420e6cf82b5e17c1d230f75fefd4e 12428 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 2b1887cbbad89db12ef50f3d08529723277623df 15344 apache2-suexec-custom_2.4.46-4ubuntu2_s390x.deb
 620852dca0ab0141f9c9ee6de25b3c2fdbeddb6f 11268 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 3989d923a0403f0b9666800227edfdf096d1cc80 13808 apache2-suexec-pristine_2.4.46-4ubuntu2_s390x.deb
 ad8f60f0d1b58ad43cb2ed37f9518742c030a613 123164 apache2-utils-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 c87ab3a12422da17e7a8801b12b1fbce8825f04c 83408 apache2-utils_2.4.46-4ubuntu2_s390x.deb
 4888aa77286b4d8a117d324a3bcb1fac66214882 11705 apache2_2.4.46-4ubuntu2_s390x.buildinfo
 016ffb3e8646eefe7ac6a8081016247642e664c5 95860 apache2_2.4.46-4ubuntu2_s390x.deb
 f8cffd77c06a469413052eb1ec5a540ffb585926 996 libapache2-mod-md_2.4.46-4ubuntu2_s390x.deb
 b8f48a68e257fe71ebc30dfec6c4c23da4fcb566 1172 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu2_s390x.deb
Checksums-Sha256:
 8af6f9eb9ae35d8bd43a02e75fda3243ebc01bc29e1e822324df1d66ef778d8f 4053792 apache2-bin-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 cad65eecb80ee3387fff2350f71d11d990b7d9532ec014127047958a33da9b9c 1211996 apache2-bin_2.4.46-4ubuntu2_s390x.deb
 032d677c746a78bf5c4f05dddaacf0eddbc220c4b87baf6787a8f212fdb8070e 179444 apache2-dev_2.4.46-4ubuntu2_s390x.deb
 ce5f8901c685d811273219616268c43e383536442773453842775087eaa71e43 3164 apache2-ssl-dev_2.4.46-4ubuntu2_s390x.deb
 001d554c15916547f6dbfeeb817d871c42c9f0d2e47338235ce79b0c335ddc5a 12428 apache2-suexec-custom-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 d6e9fe4e9fb26ddb2c35709d0dced70c1a6dd60d5fe8c1ab33f4e8b0d5b7ce8a 15344 apache2-suexec-custom_2.4.46-4ubuntu2_s390x.deb
 3d97a9660a792aebc4ee6a7f3563fbfb7ab568024661a214c423c5dbf8c16bec 11268 apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 88ba1d43e5070a17f35aa656dae8291bbb1d782ffb9190231ad60c0a772cb4c2 13808 apache2-suexec-pristine_2.4.46-4ubuntu2_s390x.deb
 1461f1d965105c7515afe233d5db6d460e75d2fb92f597cfb0d1f574a6f4b617 123164 apache2-utils-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 a870f12b11bd02b541befb9da41740cb3099128498a9d45bd4f94322977e362f 83408 apache2-utils_2.4.46-4ubuntu2_s390x.deb
 91ef1a9885b34f8c8f8c596acc9c13fa970af418ab1fd8c970fcc1c13d19d70c 11705 apache2_2.4.46-4ubuntu2_s390x.buildinfo
 95bf6d72aaad14d7e9d6ff53d7580be493b09eca6cbfee238c0c0f0cc73f3c5f 95860 apache2_2.4.46-4ubuntu2_s390x.deb
 2fdf45b58cd0e20e1134221817f2dddc354a175425af85b65abd03077a548c67 996 libapache2-mod-md_2.4.46-4ubuntu2_s390x.deb
 b503e3ce7170086421ce531b67164d0dbd5df9c2f96385210567684a6b7419ec 1172 libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu2_s390x.deb
Files:
 4133c1f99a242f75631fb7d6b808bdca 4053792 debug optional apache2-bin-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 a0d4ad8b92cf5f2a7926c5c2dea5d5fc 1211996 httpd optional apache2-bin_2.4.46-4ubuntu2_s390x.deb
 49e4da297357950526d48d45a8ee5926 179444 httpd optional apache2-dev_2.4.46-4ubuntu2_s390x.deb
 3c03e47a9e417d8b11ea9dd2d25eca8c 3164 httpd optional apache2-ssl-dev_2.4.46-4ubuntu2_s390x.deb
 f89f64bc4046059c02c7cb5c3f4e39c8 12428 debug optional apache2-suexec-custom-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 a07487b8775de6391ec22b17a6e755be 15344 httpd optional apache2-suexec-custom_2.4.46-4ubuntu2_s390x.deb
 6683477487d356fc4b2260bc8b1a7dfb 11268 debug optional apache2-suexec-pristine-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 b671ffee0a286f5a7c00a1e73e9c450a 13808 httpd optional apache2-suexec-pristine_2.4.46-4ubuntu2_s390x.deb
 3e90cb84abff98e15bd8dad2469a6d74 123164 debug optional apache2-utils-dbgsym_2.4.46-4ubuntu2_s390x.ddeb
 d588036417057327fa50988f8ff5f104 83408 httpd optional apache2-utils_2.4.46-4ubuntu2_s390x.deb
 5bb13a88dae043c175513b100bcf714b 11705 httpd optional apache2_2.4.46-4ubuntu2_s390x.buildinfo
 58f8365b3cd82fb5f5c766ac8a665c90 95860 httpd optional apache2_2.4.46-4ubuntu2_s390x.deb
 7530595f1568d919617503f0060f5d74 996 oldlibs optional libapache2-mod-md_2.4.46-4ubuntu2_s390x.deb
 bebed4321654c9b4e327cbe6caef33e7 1172 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.46-4ubuntu2_s390x.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>