Format: 1.8
Date: Mon, 26 Aug 2019 06:31:40 -0700
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: ppc64el
Version: 2.4.38-2ubuntu2.2
Distribution: disco
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-ppc64el-011.buildd>
Changed-By: Steve Beattie <sbeattie@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Launchpad-Bugs-Fixed: 1840188
Changes:
 apache2 (2.4.38-2ubuntu2.2) disco-security; urgency=medium
 .
   * SECURITY UPDATE: HTTP/2 internal data buffering denial of service.
     - d/p/mod_http2-1.15.4-backport-0004-CVE-2019-9517.patch: improve
       http/2 module keepalive throttling.
     - CVE-2019-9517
   * SECURITY UPDATE: Upgrade request from http/1.1 to http/2 crash
     denial of service (LP: #1840188)
     - d/p/mod_http2-1.14.1-backport-0001-Merge-r1852038-r1852101-from-trunk-CVE-2019-0197.patch:
       re-use slave connections and fix slave connection keepalives
       counter.
     - CVE-2019-0197
   * SECURITY UPDATE: mod_http2 memory corruption on early pushes
     - included in mod_http2 1.15.4 backport
     - CVE-2019-10081
   * SECURITY UPDATE: read-after-free in mod_http2 h2 connection
     shutdown.
     - included in mod_http2 1.15.4 backport
     - CVE-2019-10082
   * SECURITY UPDATE: mod_remoteip: Stack buffer overflow and NULL
     pointer dereference.
     - d/p/CVE-2019-10097.patch: add better sanity checks.
     - CVE-2019-10097
   * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
     error page.
     - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
       error documents.
     - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
     - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
       protection.
     - CVE-2019-10092-1
   * SECURITY UPDATE: mod_rewrite potential open redirect
     - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
     - CVE-2019-10098
   * Backport mod_http2 v1.14.1 and v1.15.4 for CVE-2019-9517,
     CVE-2019-10081, and CVE-2019-10082 fixes:
     - add d/p/mod_http2-1.14.1-backport-*.patches and
       d/p/mod_http2-1.15.4-backport-*.patches
Checksums-Sha1:
 9ac6229299877a23fc9eaee06b6b338e3625823b 5037072 apache2-bin-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 62e0606a4bb61cf11e0afcfea95c5d449fdf0d04 1272104 apache2-bin_2.4.38-2ubuntu2.2_ppc64el.deb
 307c1621cada1edaa5a88d20f8c0b02d27f207e8 179844 apache2-dev_2.4.38-2ubuntu2.2_ppc64el.deb
 1efaeff094c7f6f6cb4c0ebb4302d663867c55cf 2400 apache2-ssl-dev_2.4.38-2ubuntu2.2_ppc64el.deb
 378a8bca4698a45a91fc28049f05c3d625bb907a 13116 apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 9dcfeffe383a931ebba551de47d064bd209d9c46 15652 apache2-suexec-custom_2.4.38-2ubuntu2.2_ppc64el.deb
 3d8058083a8d20f1361c93e35c60b2c237a36841 11864 apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 d4143635be5a821bfb7a120198fcd4cd850bf4e9 14060 apache2-suexec-pristine_2.4.38-2ubuntu2.2_ppc64el.deb
 1f7e587b658779d41b658c42a34549cfc9110ec3 147748 apache2-utils-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 aae844b00fa79fd92dbcef8b913415f844d00ec4 91480 apache2-utils_2.4.38-2ubuntu2.2_ppc64el.deb
 0c8a9c65e95cca8f87a9688d650149d202904c70 11237 apache2_2.4.38-2ubuntu2.2_ppc64el.buildinfo
 93118cc9b16e312c8467612330a655d6ae24f765 95468 apache2_2.4.38-2ubuntu2.2_ppc64el.deb
 f5db4646b6b4a8889dc09717cfed3d038fefdfff 992 libapache2-mod-md_2.4.38-2ubuntu2.2_ppc64el.deb
 e41d44e8b805b8a668f9b18e9b857d4960084101 1180 libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2.2_ppc64el.deb
Checksums-Sha256:
 e6adf396d8c2f59f60e2a0bf1f91e73e0877232d484129fee4f79be92b1cf872 5037072 apache2-bin-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 7c01f21fb78a3986a8c4c490261624cd9aa48c9dc4a77f8ecb0e5e839da7f00a 1272104 apache2-bin_2.4.38-2ubuntu2.2_ppc64el.deb
 eaf1fbcded65960baf4d934277c4d46246ed6d52ac1da10832ca46eed36fcf90 179844 apache2-dev_2.4.38-2ubuntu2.2_ppc64el.deb
 167150ae926a3ac0f31ca09079554ee5e3c9ad977e462d00f641d262479a542d 2400 apache2-ssl-dev_2.4.38-2ubuntu2.2_ppc64el.deb
 c831a82cb695d73c03e724e9d8e5e392e45ecb65cc38c0c985d7c453a41aefe3 13116 apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 3b7164ce7be40138a8a2250d18d86d50fdfd1b985e59076f461d87438b74641c 15652 apache2-suexec-custom_2.4.38-2ubuntu2.2_ppc64el.deb
 3176ddd1fe5abe0393daae31fea1003ce5c9c079827d4687112605179d9e8dad 11864 apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 d03721090a3aefc9a4093508a3c7b1fa98e33303f520f3bd8ebd26d014da1f00 14060 apache2-suexec-pristine_2.4.38-2ubuntu2.2_ppc64el.deb
 8797d8421f98c21e0aa95bbe2506fa1baa19b0f98300f7f4b0d4122c16e19c00 147748 apache2-utils-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 6f1bb1deb7af47d851540c6aa93eacd9cdbfd06d716f9ee045bc4d0d4bc772ad 91480 apache2-utils_2.4.38-2ubuntu2.2_ppc64el.deb
 e49fc544c538cd177a37851c1246dd39a407f60dc8e779d168e3f3e6748cb5c0 11237 apache2_2.4.38-2ubuntu2.2_ppc64el.buildinfo
 028690092b56587b5cc8dfadf443a0cd230af8cc4a648fa8ddab52ea243d99f4 95468 apache2_2.4.38-2ubuntu2.2_ppc64el.deb
 176eb4bbee1500ba9254b8115f07f94ce47ba514fd96e79cd5b063b116b2a962 992 libapache2-mod-md_2.4.38-2ubuntu2.2_ppc64el.deb
 26c384a18ee37e7d5c132dd9c14b60b678590cda975e1ee316a4618dcb4d967f 1180 libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2.2_ppc64el.deb
Files:
 a05f88d13e63f19a497610ed0f05e138 5037072 debug optional apache2-bin-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 3e9fc303887a7062624be436d6c19d20 1272104 httpd optional apache2-bin_2.4.38-2ubuntu2.2_ppc64el.deb
 c282d98fbb85f77027d0a7a92eab3591 179844 httpd optional apache2-dev_2.4.38-2ubuntu2.2_ppc64el.deb
 7dc156f3c2425f8d04b81ac9b42e0640 2400 httpd optional apache2-ssl-dev_2.4.38-2ubuntu2.2_ppc64el.deb
 18ded5b4c64a6c8ed2bd1c11424d2745 13116 debug optional apache2-suexec-custom-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 7078e635851f7a75c9d662bf1aa6c67c 15652 httpd optional apache2-suexec-custom_2.4.38-2ubuntu2.2_ppc64el.deb
 b2eff5a4e0ad923d41ea736d0d30e5e8 11864 debug optional apache2-suexec-pristine-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 efacff969cfaf3f3edbca9a5d32a3099 14060 httpd optional apache2-suexec-pristine_2.4.38-2ubuntu2.2_ppc64el.deb
 f3ceee848e2f337fa236b5b5553b05b8 147748 debug optional apache2-utils-dbgsym_2.4.38-2ubuntu2.2_ppc64el.ddeb
 98e99841cb74f5aa9a0c453ead86d02f 91480 httpd optional apache2-utils_2.4.38-2ubuntu2.2_ppc64el.deb
 c2f4ab996d3a322507469129271b1c21 11237 httpd optional apache2_2.4.38-2ubuntu2.2_ppc64el.buildinfo
 dc9f2ebf9de5635d3b3e7719e404f1b0 95468 httpd optional apache2_2.4.38-2ubuntu2.2_ppc64el.deb
 6fdbb51fc0d0aa590f8a4da968b3a243 992 oldlibs optional libapache2-mod-md_2.4.38-2ubuntu2.2_ppc64el.deb
 b66a6a47fe0ed2a517e0a10f4af016ac 1180 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.38-2ubuntu2.2_ppc64el.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>