Format: 1.8 Date: Wed, 05 Jan 2022 09:49:56 -0500 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: riscv64 Version: 2.4.41-4ubuntu3.9 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.41-4ubuntu3.9) focal-security; urgency=medium . * SECURITY UPDATE: DoS or SSRF via forward proxy - debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname in include/http_protocol.h, modules/http/http_request.c, modules/http2/h2_request.c, modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c, server/protocol.c. - debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs w/ no hostname in modules/proxy/mod_proxy.c, modules/proxy/proxy_util.c. - CVE-2021-44224 * SECURITY UPDATE: overflow in mod_lua multipart parser - debian/patches/CVE-2021-44790.patch: improve error handling in modules/lua/lua_request.c. - CVE-2021-44790 Checksums-Sha1: ea2b01117b772c8d3096802dd38a63766bcdf242 4783364 apache2-bin-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb b5ae542a37944ce4258af7a8b549f5288d95b72b 1000072 apache2-bin_2.4.41-4ubuntu3.9_riscv64.deb 41318b92df1cb1c1b555382dac5d4dc5ef2d1203 179368 apache2-dev_2.4.41-4ubuntu3.9_riscv64.deb bb04d96138b60534911aceb8b5586ab9a49b1cfe 3160 apache2-ssl-dev_2.4.41-4ubuntu3.9_riscv64.deb f7625ddcba297ac89d37697a49c67660b5c232fc 12784 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 8c619f22275e77048eaea302bec9fcb35abda04b 14736 apache2-suexec-custom_2.4.41-4ubuntu3.9_riscv64.deb a0fba97c951c9227363e6bd24cd9fa8f4e50c959 11604 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb b8e6cd85b8a8751de03d25e43c22d465254d328d 13256 apache2-suexec-pristine_2.4.41-4ubuntu3.9_riscv64.deb bdd164a6a75fbf30ec66174ab56da334d53fafaf 140108 apache2-utils-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 7c2e4cf18c08c8123fc2a779cc49655958bc650a 79868 apache2-utils_2.4.41-4ubuntu3.9_riscv64.deb 9e731d525b7d86888b9f68cd9cda4edde82a1a7b 11654 apache2_2.4.41-4ubuntu3.9_riscv64.buildinfo 8fbe88746d5054cf31143764f7dacc92b980e73a 95528 apache2_2.4.41-4ubuntu3.9_riscv64.deb feee22156c7356071c21f3be68ccd7339495d80b 992 libapache2-mod-md_2.4.41-4ubuntu3.9_riscv64.deb ebe778881863a0cb0977433978cbe42405133300 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.9_riscv64.deb Checksums-Sha256: 0ab2b43d05bad12c1a150febd2a7015a9642fcb029c77864de7c68f24c059826 4783364 apache2-bin-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 843f2f0211a5efb1ef650889c74719758231d0738f277b36dc873032e71560a1 1000072 apache2-bin_2.4.41-4ubuntu3.9_riscv64.deb 6104008bf238ce5ae1692ef149e3623a0d21f4a1c4cec3f00f4f2958e52eddc8 179368 apache2-dev_2.4.41-4ubuntu3.9_riscv64.deb 8e2e8515f6476fbf06a7fa21f870d2ddafddc91fb4c22ef9f2bb606bcf7e2013 3160 apache2-ssl-dev_2.4.41-4ubuntu3.9_riscv64.deb 95f5125a8fd6dce53e8c5a47249e00f5d68f1c777557e746f6eab6fef7eeb793 12784 apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 945fc4f3501b448f34b61ecbb6ea4c27a0e5f4b10e5c1f48ec7962682dcc3738 14736 apache2-suexec-custom_2.4.41-4ubuntu3.9_riscv64.deb f8e2728399ab3e747955a0cd495fd6f3dc6598d0a83d3c71e537dff0eb879e8a 11604 apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 357e24a539120a2f806eb668a86bfaf233b378345518bac775a11eb3f41e584e 13256 apache2-suexec-pristine_2.4.41-4ubuntu3.9_riscv64.deb 8b98b641333362d137f495c13c3aa1cf86b9126de4bce5cac94df47222e23cda 140108 apache2-utils-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 15bca1cf446bcfd29060ee62982fc6f5e29ff8fc08b50155bbca31f7d64e99d3 79868 apache2-utils_2.4.41-4ubuntu3.9_riscv64.deb cd2aa8bc625b75945fb904ae7497158fa2e4dcbd3ee299c7f2aee782e6b2018c 11654 apache2_2.4.41-4ubuntu3.9_riscv64.buildinfo e127b22b491eef46a3704d9d45631e35df269bf82b71c4037aba9be4f2b552c9 95528 apache2_2.4.41-4ubuntu3.9_riscv64.deb bbe3b4b766a9f02f7a59ef0423733ac62fba07bc31841c78b7e304ffedf10624 992 libapache2-mod-md_2.4.41-4ubuntu3.9_riscv64.deb 0fcc2c24bd0059ef60d24540ea4463555887cf5933ac63a203dff072465f29ae 1184 libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.9_riscv64.deb Files: 0281356cb93e0eaf5aa3a2503f0de459 4783364 debug optional apache2-bin-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 2d6b9c53978304814ce217711c1ac10b 1000072 httpd optional apache2-bin_2.4.41-4ubuntu3.9_riscv64.deb c26372b04d03b088daff9bff4cba5063 179368 httpd optional apache2-dev_2.4.41-4ubuntu3.9_riscv64.deb 164c0aa2ad3ae3af96d2451f9385f2bd 3160 httpd optional apache2-ssl-dev_2.4.41-4ubuntu3.9_riscv64.deb 69519edce668c128d9c5c32034ec7983 12784 debug optional apache2-suexec-custom-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 1cfabc295baedce893d2a6dbfdae549c 14736 httpd optional apache2-suexec-custom_2.4.41-4ubuntu3.9_riscv64.deb 5db00e3389399078cb22777aec772788 11604 debug optional apache2-suexec-pristine-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 18fc11ba7de4ae2ac8926f8863df4e41 13256 httpd optional apache2-suexec-pristine_2.4.41-4ubuntu3.9_riscv64.deb ec9a3eca7e1908fc687c41731dbd0689 140108 debug optional apache2-utils-dbgsym_2.4.41-4ubuntu3.9_riscv64.ddeb 38ba9ca84f694d815e9fbd6025b7315e 79868 httpd optional apache2-utils_2.4.41-4ubuntu3.9_riscv64.deb 065da3227e316f61e391da0a02622f87 11654 httpd optional apache2_2.4.41-4ubuntu3.9_riscv64.buildinfo dc99c7da468606cac0b3331b2b269bbc 95528 httpd optional apache2_2.4.41-4ubuntu3.9_riscv64.deb 541a633da175b9f163384223e738ec51 992 oldlibs optional libapache2-mod-md_2.4.41-4ubuntu3.9_riscv64.deb dd29dfe48d97dfda889827325e06a2da 1184 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.41-4ubuntu3.9_riscv64.deb Original-Maintainer: Debian Apache Maintainers