Format: 1.8
Date: Wed, 16 Mar 2022 12:46:16 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Built-For-Profiles: noudeb
Architecture: i386
Version: 2.4.48-3.1ubuntu3.3
Distribution: impish
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy02-amd64-025.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.48-3.1ubuntu3.3) impish-security; urgency=medium
 .
   * SECURITY UPDATE: OOB read in mod_lua via crafted request body
     - debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
       lua_write_body() fail in modules/lua/lua_request.c.
     - CVE-2022-22719
   * SECURITY UPDATE: HTTP Request Smuggling via error discarding the
     request body
     - debian/patches/CVE-2022-22720.patch: simpler connection close logic
       if discarding the request body fails in modules/http/http_filters.c,
       server/protocol.c.
     - CVE-2022-22720
   * SECURITY UPDATE: overflow via large LimitXMLRequestBody
     - debian/patches/CVE-2022-22721.patch: make sure and check that
       LimitXMLRequestBody fits in system memory in server/core.c,
       server/util.c, server/util_xml.c.
     - CVE-2022-22721
   * SECURITY UPDATE: out-of-bounds write in mod_sed
     - debian/patches/CVE-2022-23943-1.patch: use size_t to allow for larger
       buffer sizes and unsigned arithmetics in modules/filters/libsed.h,
       modules/filters/mod_sed.c, modules/filters/sed1.c.
     - debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
       modules/filters/mod_sed.c.
     - CVE-2022-23943
Checksums-Sha1:
 fe7a3fd19cdf69e759da13faae40e9590aa88355 3200288 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 8ba3613670974ee12bba86d833b3553c35e85deb 1413784 apache2-bin_2.4.48-3.1ubuntu3.3_i386.deb
 0416be9d69016b178ba5e5db5c4a07fec55ae6b0 187494 apache2-dev_2.4.48-3.1ubuntu3.3_i386.deb
 47a6eba79576691bcb45e289d25d09334fb73f22 2984 apache2-ssl-dev_2.4.48-3.1ubuntu3.3_i386.deb
 d8b75d22b51de515652e76ac10a969e7b62e6857 11600 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 5714550ab3b6c65c46139cc56d943535d8c857c0 16364 apache2-suexec-custom_2.4.48-3.1ubuntu3.3_i386.deb
 375f79005d8341a95f63d4fe91afe5151126281d 10296 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 32e89d584f5693f3d6580a12a787a7975fb9373e 14714 apache2-suexec-pristine_2.4.48-3.1ubuntu3.3_i386.deb
 931f29b349cb0f7dc5f2d71823f172a840722e8e 109472 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 f04750382aac815809b13f11a22e74ebc03981bb 93106 apache2-utils_2.4.48-3.1ubuntu3.3_i386.deb
 7fb86108cc5090fa2c38fc1556ea803f5f07dacf 11773 apache2_2.4.48-3.1ubuntu3.3_i386.buildinfo
 bd8b2a5df7aa3366f8d80772be1930cd8b36679f 97832 apache2_2.4.48-3.1ubuntu3.3_i386.deb
 dea1093c789fb329e77165fb2c3e74fc8e137b8c 802 libapache2-mod-md_2.4.48-3.1ubuntu3.3_i386.deb
 ed0697a1e8cf4604e55f48e5c9d2e45be71d74f1 988 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.3_i386.deb
Checksums-Sha256:
 e2abaa5578f56b777ff2f45182f57e1b33ee3a79bdfe5ac4478d1fc583fc997e 3200288 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 79c51ccc0a2b44e9d7559f754e1370a475a50e0a73ff9f5695444a33f15f5b79 1413784 apache2-bin_2.4.48-3.1ubuntu3.3_i386.deb
 5014641055287958201439e1066e7598f7df1ef20cc87231ed9b4ec4a1409ed0 187494 apache2-dev_2.4.48-3.1ubuntu3.3_i386.deb
 8245f8b2876314ffad7edfb308502ee7a9b880e6d12af7e90aa3b4808c075d35 2984 apache2-ssl-dev_2.4.48-3.1ubuntu3.3_i386.deb
 e96f23e9990664db8c167f67cc6c860847020896800c242b2bcbd1c1e569d4dd 11600 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 cc95cb1d4e080e4103020770e2e5c0f449fde12286f8587005286bc391cbed77 16364 apache2-suexec-custom_2.4.48-3.1ubuntu3.3_i386.deb
 7732f85fd58d35ce4c57e4563608e1760d565221be551a33d58a41784c5489da 10296 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 72c4262802430747cd44b19ad0ee6e24ec3fd69149fc3ac31ad107a730a2bb1d 14714 apache2-suexec-pristine_2.4.48-3.1ubuntu3.3_i386.deb
 5256e049d54473a0b59b99e2d4ad23b7af92586258bd2da30ec60a3552dbd781 109472 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 5a87283e71b95346389a69c8126dd89f8d09f16fb0eb8fa6d15817fb6897749a 93106 apache2-utils_2.4.48-3.1ubuntu3.3_i386.deb
 fcf6c12c0b6a0029b8459c7bfaf33ba6dc2e26067be63744683b291dc85bfbf0 11773 apache2_2.4.48-3.1ubuntu3.3_i386.buildinfo
 18f67482772be3da965c1335ab78b7918c00efa57950b0c4f394c104fe4c8904 97832 apache2_2.4.48-3.1ubuntu3.3_i386.deb
 7570e7ccde0b29c3deb90ef347d43ee977fa382139d79b3bd8754fd74ae6e559 802 libapache2-mod-md_2.4.48-3.1ubuntu3.3_i386.deb
 9903d42d8c2e608d415b7e350de8896d86e87f5f373f5985b58f938415cd7a59 988 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.3_i386.deb
Files:
 7859d1e9ec3abd13374143b344432df1 3200288 debug optional apache2-bin-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 dd6d44386d53bbdc90d4d78ea5cb6136 1413784 httpd optional apache2-bin_2.4.48-3.1ubuntu3.3_i386.deb
 c40da5fa720157b3d36f3cea90b8fd6f 187494 httpd optional apache2-dev_2.4.48-3.1ubuntu3.3_i386.deb
 81142df62ba1339ef9c357beab597a93 2984 httpd optional apache2-ssl-dev_2.4.48-3.1ubuntu3.3_i386.deb
 6d7c9fad710b0cbc8cc326cf5145d41e 11600 debug optional apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 9ed0bf4b7995dbf908ee2fc601bca1c8 16364 httpd optional apache2-suexec-custom_2.4.48-3.1ubuntu3.3_i386.deb
 c2ce7bae14819a31352bee4e9188a75c 10296 debug optional apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 1bf5de5014d0ab3c02dbf69189747025 14714 httpd optional apache2-suexec-pristine_2.4.48-3.1ubuntu3.3_i386.deb
 5417c458f22cae42508ff284270aa756 109472 debug optional apache2-utils-dbgsym_2.4.48-3.1ubuntu3.3_i386.ddeb
 2ad0d16b4116975e20602f8ee4198a0e 93106 httpd optional apache2-utils_2.4.48-3.1ubuntu3.3_i386.deb
 031706ca9aefe9dc38b49a48542a3131 11773 httpd optional apache2_2.4.48-3.1ubuntu3.3_i386.buildinfo
 86b9aab83ac4598bf6e4cc7c5d417725 97832 httpd optional apache2_2.4.48-3.1ubuntu3.3_i386.deb
 ad4dc3f4e0a6816dbd13f40751783232 802 oldlibs optional libapache2-mod-md_2.4.48-3.1ubuntu3.3_i386.deb
 71636752d3f83c043e187d2da518e984 988 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.3_i386.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>