Format: 1.8
Date: Wed, 12 Aug 2020 17:33:25 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: i386
Version: 2.4.29-1ubuntu4.14
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-021.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.29-1ubuntu4.14) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: mod_rewrite redirect issue
     - debian/patches/CVE-2020-1927-1.patch: factor out default regex flags
       in include/ap_regex.h, server/core.c, server/util_pcre.c.
     - debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow
       opt-out of pcre defaults in include/ap_regex.h,
       modules/filters/mod_substitute.c, server/util_pcre.c,
       server/util_regex.c.
     - CVE-2020-1927
   * SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue
     - debian/patches/CVE-2020-1934.patch: trap bad FTP responses in
       modules/proxy/mod_proxy_ftp.c.
     - CVE-2020-1934
   * SECURITY UPDATE: DoS via invalid Cache-Digest header
     - debian/patches/CVE-2020-9490.patch: remove support for abandoned
       http-wg draft in modules/http2/h2_push.c, modules/http2/h2_push.h.
     - CVE-2020-9490
   * SECURITY UPDATE: concurrent use of memory pools in HTTP/2 module
     - debian/patches/CVE-2020-11993-pre1.patch: fixed rare cases where a h2
       worker could deadlock the main connection in modules/http2/*.
     - debian/patches/CVE-2020-11993.patch: fix logging and rename
       terminology in modules/http2/*.
     - CVE-2020-11993
Checksums-Sha1:
 08611dbd822e0e68968a4daf7fb62693e47dfac2 1139144 apache2-bin_2.4.29-1ubuntu4.14_i386.deb
 c3be4d59e8f41e7b9629ec4fd13908a4ca603ddb 3548736 apache2-dbg_2.4.29-1ubuntu4.14_i386.deb
 e1457293f9a5c999b0fda74e0f64fdb34e08b01b 177504 apache2-dev_2.4.29-1ubuntu4.14_i386.deb
 69e8f693ecb552da6c3a6490cbd00c300bc0d391 2392 apache2-ssl-dev_2.4.29-1ubuntu4.14_i386.deb
 463d298f9b82fd9e6fe29605ac2d40e82f1d146d 15320 apache2-suexec-custom_2.4.29-1ubuntu4.14_i386.deb
 8191bf559b913c5accc5e4a29f35c5de87318dd0 13768 apache2-suexec-pristine_2.4.29-1ubuntu4.14_i386.deb
 6da0135a004c0e03f063fb3255bce8f2c3ef8452 88444 apache2-utils_2.4.29-1ubuntu4.14_i386.deb
 dbbc6466bead1fc81a975dd49965623907c3f8aa 10147 apache2_2.4.29-1ubuntu4.14_i386.buildinfo
 c15bcc7bb38900f7961090b12e0dee7587c02002 95080 apache2_2.4.29-1ubuntu4.14_i386.deb
Checksums-Sha256:
 792bb1ca59615b82af5d3bc395b8a3ed227ec4e359de1208941643514589ffcd 1139144 apache2-bin_2.4.29-1ubuntu4.14_i386.deb
 ef2aeb7d403b2a5b9c9bb10f2c5041ba88dbdd7a70de3b66cf2ddab50332f986 3548736 apache2-dbg_2.4.29-1ubuntu4.14_i386.deb
 ecbd685153f88a99620caa91afbf318074f0610ed4584fbcc42e01cea7d0a753 177504 apache2-dev_2.4.29-1ubuntu4.14_i386.deb
 bb4da8d5f3db372e6af26e8d5cc8f605d113264daca35edf4069d23da4a207bb 2392 apache2-ssl-dev_2.4.29-1ubuntu4.14_i386.deb
 8018153c2a99b4c30f4cfd45f0ee64017660dbf7429eacf7d35c0ec1109655eb 15320 apache2-suexec-custom_2.4.29-1ubuntu4.14_i386.deb
 37997d24a36a00df0a2b200b0ad01d6c72945afb9cffc2f7ab598e541e6af0aa 13768 apache2-suexec-pristine_2.4.29-1ubuntu4.14_i386.deb
 7089be158409029cda13c6461a243657fe317293159d826c609016ccabede2db 88444 apache2-utils_2.4.29-1ubuntu4.14_i386.deb
 ae5f534a7945bd9846895d1638c4e911951bd5f0b69306491692df46305b2b97 10147 apache2_2.4.29-1ubuntu4.14_i386.buildinfo
 60b66608e7721325fc57f0edae27919a04fdc87a14448b1e29aa794f9d5ab459 95080 apache2_2.4.29-1ubuntu4.14_i386.deb
Files:
 dbea94c43632e94ae89d1ff56d0e7d69 1139144 httpd optional apache2-bin_2.4.29-1ubuntu4.14_i386.deb
 72d6ddd1bb4662499c9ffdd6ced1fbb3 3548736 debug optional apache2-dbg_2.4.29-1ubuntu4.14_i386.deb
 237d68fc0900aca368cdbe86b5d4d654 177504 httpd optional apache2-dev_2.4.29-1ubuntu4.14_i386.deb
 1893b94738c8a062e5db1a50ad59b810 2392 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.14_i386.deb
 9de6f280f8c2192b87c593bf2ceaf6d4 15320 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.14_i386.deb
 3bfa72a4471cfbb872d0693620e01951 13768 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.14_i386.deb
 6b910820fc07918b22b2aa7be6d2a0eb 88444 httpd optional apache2-utils_2.4.29-1ubuntu4.14_i386.deb
 80535545e2f7a750f261fab264093e42 10147 httpd optional apache2_2.4.29-1ubuntu4.14_i386.buildinfo
 43537b9a80fb4481cc62592d1371ddf3 95080 httpd optional apache2_2.4.29-1ubuntu4.14_i386.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>