Format: 1.8
Date: Wed, 18 Apr 2018 10:20:05 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: s390x
Version: 2.4.27-2ubuntu4.1
Distribution: artful
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-s390x-013.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.27-2ubuntu4.1) artful-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
     - debian/patches/CVE-2017-15710.patch: fix language long names
       detection as short name in modules/aaa/mod_authnz_ldap.c.
     - CVE-2017-15710
   * SECURITY UPDATE: incorrect <FilesMatch> matching
     - debian/patches/CVE-2017-15715.patch: allow to configure
       global/default options for regexes, like caseless matching or
       extended format in include/ap_regex.h, server/core.c,
       server/util_pcre.c.
     - CVE-2017-15715
   * SECURITY UPDATE: mod_session header manipulation
     - debian/patches/CVE-2018-1283.patch: strip Session header when
       SessionEnv is on in modules/session/mod_session.c.
     - CVE-2018-1283
   * SECURITY UPDATE: DoS via specially-crafted request
     - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
       terminated on any error, not only on buffer full in
       server/protocol.c.
     - CVE-2018-1301
   * SECURITY UPDATE: mod_cache_socache DoS
     - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
       to carriage return in modules/cache/mod_cache_socache.c.
     - CVE-2018-1303
   * SECURITY UPDATE: insecure nonce generation
     - debian/patches/CVE-2018-1312.patch: actually use the secret when
       generating nonces in modules/aaa/mod_auth_digest.c.
     - CVE-2018-1312
Checksums-Sha1:
 5bbcc68ba018b7fb943a8c2fb7748fee2ea4bdac 883252 apache2-bin_2.4.27-2ubuntu4.1_s390x.deb
 bc8a24df74dfad53d17887087d972f7b29fca57c 3719148 apache2-dbg_2.4.27-2ubuntu4.1_s390x.deb
 b8fe8f8d0bfd5936395c0c0a2fa11fbda887468b 176048 apache2-dev_2.4.27-2ubuntu4.1_s390x.deb
 8530f51cca8b9fd6c3480dd407cc44dec18f5607 2300 apache2-ssl-dev_2.4.27-2ubuntu4.1_s390x.deb
 02662fadf0d03f34a6dd5507847ce595ef417321 14994 apache2-suexec-custom_2.4.27-2ubuntu4.1_s390x.deb
 5f756ede5cfd5d3f93fcd1c567bd30ef10ac6b15 13462 apache2-suexec-pristine_2.4.27-2ubuntu4.1_s390x.deb
 d9be0164d854d29c6d1f6e6976d82f621a7bf8cd 80682 apache2-utils_2.4.27-2ubuntu4.1_s390x.deb
 55f39e4edb8ba1152a00cc8b90232448780e546a 8800 apache2_2.4.27-2ubuntu4.1_s390x.buildinfo
 572cd33372b5cec7233e89b4e7ce75901c8c59a0 95852 apache2_2.4.27-2ubuntu4.1_s390x.deb
Checksums-Sha256:
 f4fa551606dfa37f04d5a15cbbff54fd38edd07d58c526939e2fb20df4ba102c 883252 apache2-bin_2.4.27-2ubuntu4.1_s390x.deb
 c16d3b8444c982d50940ffcdddc2f9b7fc8bda3989184842ef63f707989db445 3719148 apache2-dbg_2.4.27-2ubuntu4.1_s390x.deb
 4c77a6f5b9ce708042e1e81517ed59675b58786e0c7487d1f05c48ccdbd553b2 176048 apache2-dev_2.4.27-2ubuntu4.1_s390x.deb
 49121908651f69de1b3ca7ee3312b3fe0c61e89c05e73c29163406003df8f655 2300 apache2-ssl-dev_2.4.27-2ubuntu4.1_s390x.deb
 bb737c7bc186d31e5e4bab2b3ae666269d4a1ec2b147cb0606947f83ad9b6f11 14994 apache2-suexec-custom_2.4.27-2ubuntu4.1_s390x.deb
 c2abc6c1fe0c7a02a06d6c04468393d806d8dd12389b9862ee82669bd9cc6387 13462 apache2-suexec-pristine_2.4.27-2ubuntu4.1_s390x.deb
 dd09f6fc7e9df78183c80c95301da85cd9b0c6381a4c035ce7bfbef4b577d7d7 80682 apache2-utils_2.4.27-2ubuntu4.1_s390x.deb
 4641e6cf73b7992b0fa3c160fb873085edea3edc82738dcad5b8981528b8d82a 8800 apache2_2.4.27-2ubuntu4.1_s390x.buildinfo
 12f5345260f76d75525c9e54fe238ad1f34f64cee36992821c2a4cba59206940 95852 apache2_2.4.27-2ubuntu4.1_s390x.deb
Files:
 095d3afa48730a64c408807e3ae613f2 883252 httpd optional apache2-bin_2.4.27-2ubuntu4.1_s390x.deb
 6757d7a8dbd44ad5a9e9ae107823d85f 3719148 debug extra apache2-dbg_2.4.27-2ubuntu4.1_s390x.deb
 1232b9b0c2e496734fe3e8093dd61b3e 176048 httpd optional apache2-dev_2.4.27-2ubuntu4.1_s390x.deb
 8f9616c3b138374bdd165b8210e72310 2300 httpd optional apache2-ssl-dev_2.4.27-2ubuntu4.1_s390x.deb
 1c93999f61904d7d1dc5922b517c1e65 14994 httpd extra apache2-suexec-custom_2.4.27-2ubuntu4.1_s390x.deb
 915703c48e67daeacfefd9abec34c7a9 13462 httpd optional apache2-suexec-pristine_2.4.27-2ubuntu4.1_s390x.deb
 ab612c86e9d0702ce9871b300b180557 80682 httpd optional apache2-utils_2.4.27-2ubuntu4.1_s390x.deb
 53f788aa2781a7a057cda4c6bb16fd22 8800 httpd optional apache2_2.4.27-2ubuntu4.1_s390x.buildinfo
 424e447e4a76a16e79a26e1f01b40c16 95852 httpd optional apache2_2.4.27-2ubuntu4.1_s390x.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>