Format: 1.8 Date: Wed, 05 Jan 2022 09:29:15 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: arm64 Version: 2.4.48-3.1ubuntu3.2 Distribution: impish Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.48-3.1ubuntu3.2) impish-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: 5cf7c2157997bb300158f20d5d52967f7c6c4dde 3874122 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb cd6057cca7a2e337fec4ae02d9a73fc1cec5d44f 1282730 apache2-bin_2.4.48-3.1ubuntu3.2_arm64.deb df02c1ef2d1f21e6cd1feb2bb74fbd0c50739514 187444 apache2-dev_2.4.48-3.1ubuntu3.2_arm64.deb 660d942bc8567836f42a403fedc971eb90be844b 2988 apache2-ssl-dev_2.4.48-3.1ubuntu3.2_arm64.deb feb1e79f24faf1e74721c951fa0b135b76ef66b8 12884 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb c99fe178be6dc5e850dcaff1de9eb6f2e3c7a859 16140 apache2-suexec-custom_2.4.48-3.1ubuntu3.2_arm64.deb a179d19486d56f28899202c2c345106b632543f6 11590 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb e11791d48a216ddc677e13692ccdf44b008affa3 14602 apache2-suexec-pristine_2.4.48-3.1ubuntu3.2_arm64.deb abf484a8ae68b237155a3ca818bb124fd06e480c 120922 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb 223e513bf4fbcf6dae22e79d44734e5557c497f3 87554 apache2-utils_2.4.48-3.1ubuntu3.2_arm64.deb a30d2161bf03082e214d68c99a19a30eca32de04 11803 apache2_2.4.48-3.1ubuntu3.2_arm64.buildinfo b7aed3b70ce82ebd36cd14b01284a490b75d3be9 97832 apache2_2.4.48-3.1ubuntu3.2_arm64.deb a5f580bffa593f18cd958f61b138987a8dae4041 804 libapache2-mod-md_2.4.48-3.1ubuntu3.2_arm64.deb a32eb357152031fef6cacabf3a3f11a08496c53d 988 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.2_arm64.deb Checksums-Sha256: 4d1a5beb35998959bda3727ae5035a8d9d92d010a83b74b9a7dba7feb0d1efc1 3874122 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb d993c02c2200f62d628a974afe020ed1da03288c4f54107403fe0ffc6ffe0391 1282730 apache2-bin_2.4.48-3.1ubuntu3.2_arm64.deb f28f16db7b7cabc3fb62256d118f22e41d3bdf1337c3eba06c110bc328cecb2f 187444 apache2-dev_2.4.48-3.1ubuntu3.2_arm64.deb bf55b3044e747e3fe39060bcb1d7a96327c069ee611cc4aa0dea1c040e6dc060 2988 apache2-ssl-dev_2.4.48-3.1ubuntu3.2_arm64.deb c6364a14b53812ab8606b414e2f64bc79ddead95b92c5984909c79dd58d19e4f 12884 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb 74ee976382fd3586f9fdbb0ee3b1b2ed86f5ba8661b0a4d04917e4da69b80f29 16140 apache2-suexec-custom_2.4.48-3.1ubuntu3.2_arm64.deb dd82670e979709ba67bde907440da7a5c2059722398dc657f65194686bc029ec 11590 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb 0a58b1e5268db7421e53011614e9e0ad3b5aa6c042a7291ed2198b594e979c1e 14602 apache2-suexec-pristine_2.4.48-3.1ubuntu3.2_arm64.deb b11e87542ad6f50a25c6405ef6fd387681e5989b5168e1cd66f2c4d690d4b363 120922 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb c46eaab12e0f9f33dfbe37188a7d3c5de583b8e066efd1ccf9039d10fef83a71 87554 apache2-utils_2.4.48-3.1ubuntu3.2_arm64.deb d7968d5c7fcc0402a0cef9ce5627aa3be83347d6f9c8b3596fc6382fa05d0541 11803 apache2_2.4.48-3.1ubuntu3.2_arm64.buildinfo b2b1a9479af9beb2a64abcee3460298eb1b926ae78274ea63c5bb6cc867cd410 97832 apache2_2.4.48-3.1ubuntu3.2_arm64.deb 263852a1f4f9e0db51037d1630b6c4e2b468f038889f640f3765145ade3bcf75 804 libapache2-mod-md_2.4.48-3.1ubuntu3.2_arm64.deb 9a72d3f861cd5de1dc7af2a356096f01e6fcbd18ee46482c3848ce5654547a82 988 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.2_arm64.deb Files: ad993c829a11dbe5262a765c0884abc4 3874122 debug optional apache2-bin-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb 1e2eacef3683a18855c8235c131cd161 1282730 httpd optional apache2-bin_2.4.48-3.1ubuntu3.2_arm64.deb 2f56b59bcd30a464dd81ff09b86885ae 187444 httpd optional apache2-dev_2.4.48-3.1ubuntu3.2_arm64.deb 62533ef3553ffb8e639af1061f11a6ec 2988 httpd optional apache2-ssl-dev_2.4.48-3.1ubuntu3.2_arm64.deb 0184596b07d3642ab5b74efbe2abfbef 12884 debug optional apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb 6ec55b9824870e4c6953cbc11e6f6e85 16140 httpd optional apache2-suexec-custom_2.4.48-3.1ubuntu3.2_arm64.deb 2148f908394e2cf21ca65fa4b282e471 11590 debug optional apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb 7363a224191a6bcea73b07e6d3eee2ff 14602 httpd optional apache2-suexec-pristine_2.4.48-3.1ubuntu3.2_arm64.deb 5d4428d008d1926d417131ce6e86f125 120922 debug optional apache2-utils-dbgsym_2.4.48-3.1ubuntu3.2_arm64.ddeb 18e5480a40083a2d1541cbaf4bf29190 87554 httpd optional apache2-utils_2.4.48-3.1ubuntu3.2_arm64.deb 672d8d0faed7a88e88c8e1c344ce4718 11803 httpd optional apache2_2.4.48-3.1ubuntu3.2_arm64.buildinfo f5f839121ba36f11992788cd1e9c776e 97832 httpd optional apache2_2.4.48-3.1ubuntu3.2_arm64.deb 8e959363a59f9a60e35416ed0de630aa 804 oldlibs optional libapache2-mod-md_2.4.48-3.1ubuntu3.2_arm64.deb 509a8a93df4a1981647b6722cf3d203e 988 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.2_arm64.deb Original-Maintainer: Debian Apache Maintainers