Format: 1.8
Date: Fri, 18 Jun 2021 07:06:22 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: i386
Version: 2.4.29-1ubuntu4.16
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.29-1ubuntu4.16) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
     - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
       base64 to fail early if the format can't match anyway in
       modules/aaa/mod_auth_digest.c.
     - CVE-2020-35452
   * SECURITY UPDATE: DoS via cookie header in mod_session
     - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
       session_identity_decode() in modules/session/mod_session.c.
     - CVE-2021-26690
   * SECURITY UPDATE: heap overflow via SessionHeader
     - debian/patches/CVE-2021-26691.patch: account for the '&' in
       identity_concat() in modules/session/mod_session.c.
     - CVE-2021-26691
   * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
     - debian/patches/CVE-2021-30641.patch: change default behavior in
       server/request.c.
     - CVE-2021-30641
   * This update does _not_ include the changes from 2.4.29-1ubuntu4.15 in
     bionic-proposed.
Original-Maintainer: Debian Apache Maintainers