Format: 1.8 Date: Wed, 03 Oct 2018 10:41:08 -0400 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: i386 Version: 2.4.29-1ubuntu4.4 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Changes: apache2 (2.4.29-1ubuntu4.4) bionic-security; urgency=medium . * SECURITY UPDATE: DoS in HTTP/2 via NULL pointer - debian/patches/CVE-2018-1302.patch: remove obsolete stream detach code in modules/http2/h2_bucket_beam.c, modules/http2/h2_stream.c, modules/http2/h2_stream.h. - CVE-2018-1302 * SECURITY UPDATE: DoS in HTTP/2 via worker exhaustion - debian/patches/CVE-2018-1333.patch: always wake up any conditional waits when streams are aborted in modules/http2/h2_bucket_beam.c. - CVE-2018-1333 * SECURITY UPDATE: DoS in HTTP/2 via large SETTINGS frames - debian/patches/CVE-2018-11763.patch: rework connection IO event handling in modules/http2/h2_session.c, modules/http2/h2_session.h, modules/http2/h2_version.h. - CVE-2018-11763 Checksums-Sha1: 5f5473b3179dbf4af548a2e71d330051b8a1df61 1140396 apache2-bin_2.4.29-1ubuntu4.4_i386.deb b394d58983cba0fa857ba1be243aa62bf9639ef8 3552984 apache2-dbg_2.4.29-1ubuntu4.4_i386.deb c352aa626ef08b2c1aef9dd023ad4eecd5ba02a8 176816 apache2-dev_2.4.29-1ubuntu4.4_i386.deb 941456e1c62ec729777d814f97cad321f0086858 2396 apache2-ssl-dev_2.4.29-1ubuntu4.4_i386.deb 8824735441cf0bcb7ce41fc83e2341639d02b2d2 15292 apache2-suexec-custom_2.4.29-1ubuntu4.4_i386.deb cc0c434533aebdaba0cf36b04731493e00a4710f 13748 apache2-suexec-pristine_2.4.29-1ubuntu4.4_i386.deb 9dc80dd670c71bfb4b0ef1c9764325e19c944f18 87848 apache2-utils_2.4.29-1ubuntu4.4_i386.deb d8b875542bd4e0173a1313d73aef1bce0076ccca 9833 apache2_2.4.29-1ubuntu4.4_i386.buildinfo bc3486a00957fe3e47d33e80e2555fb8762d0242 95084 apache2_2.4.29-1ubuntu4.4_i386.deb Checksums-Sha256: 589fc56a79dbde0288cbf80292fd1bf09d03b3fdb138e0a34647cc11373c784e 1140396 apache2-bin_2.4.29-1ubuntu4.4_i386.deb 389075f7e95525d64fb1e5e7a018412ef980da7dfe6deaa0702e0e44df743da5 3552984 apache2-dbg_2.4.29-1ubuntu4.4_i386.deb 7771c030153cf3312ead5c7050b48fe45d5bc3779d22691a955bab40e95633bf 176816 apache2-dev_2.4.29-1ubuntu4.4_i386.deb 7bca47e654e804ece2dc45201222ed65dd12cf95611740a4453c06193aeb7f81 2396 apache2-ssl-dev_2.4.29-1ubuntu4.4_i386.deb bd28c3c64c0eb21aa5dd3241cbad463f14a64ecff08d9932338d31dca3170ea2 15292 apache2-suexec-custom_2.4.29-1ubuntu4.4_i386.deb 33d80fdeb89dcf6b048e29ea00a6e6e15d159b9a24c24260d0537cb524614152 13748 apache2-suexec-pristine_2.4.29-1ubuntu4.4_i386.deb cedecc34def1263ccf3d08d4a83a81ed4c69bbbdb387fe1b19efc2598e5686bf 87848 apache2-utils_2.4.29-1ubuntu4.4_i386.deb ef9c29403bc7ecfa92344c07822679fda57142e1057a2c8215c195f01caee7db 9833 apache2_2.4.29-1ubuntu4.4_i386.buildinfo 3285a7eabd74a95b1e3f0a334a42818a7f64b6017bfaaa0c0bc93af730f8c49e 95084 apache2_2.4.29-1ubuntu4.4_i386.deb Files: aed1419ae4d3e73d901ccefddfac977e 1140396 httpd optional apache2-bin_2.4.29-1ubuntu4.4_i386.deb 73c305855d99785b91d09526eb429efe 3552984 debug optional apache2-dbg_2.4.29-1ubuntu4.4_i386.deb 20c635f785b0e4494b9ebed3d01a8cdf 176816 httpd optional apache2-dev_2.4.29-1ubuntu4.4_i386.deb d38a606e8d8d6ebd0a6877615e3b8c87 2396 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.4_i386.deb 8bd43b13b715f80fb939d202f2f01b60 15292 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.4_i386.deb 0ed906eeeaaddb4b03d27f6eb2d14f43 13748 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.4_i386.deb d79301014003cb2601c34e9cfa9f09b0 87848 httpd optional apache2-utils_2.4.29-1ubuntu4.4_i386.deb edcaa98f0ca14a185cae51f40491b6c6 9833 httpd optional apache2_2.4.29-1ubuntu4.4_i386.buildinfo 606856b505cd8ab5a662469e4b93c027 95084 httpd optional apache2_2.4.29-1ubuntu4.4_i386.deb Original-Maintainer: Debian Apache Maintainers