Format: 1.8
Date: Wed, 16 Mar 2022 12:46:16 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Built-For-Profiles: noudeb
Architecture: ppc64el
Version: 2.4.48-3.1ubuntu3.3
Distribution: impish
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-ppc64el-023.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.48-3.1ubuntu3.3) impish-security; urgency=medium
 .
   * SECURITY UPDATE: OOB read in mod_lua via crafted request body
     - debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
       lua_write_body() fail in modules/lua/lua_request.c.
     - CVE-2022-22719
   * SECURITY UPDATE: HTTP Request Smuggling via error discarding the
     request body
     - debian/patches/CVE-2022-22720.patch: simpler connection close logic
       if discarding the request body fails in modules/http/http_filters.c,
       server/protocol.c.
     - CVE-2022-22720
   * SECURITY UPDATE: overflow via large LimitXMLRequestBody
     - debian/patches/CVE-2022-22721.patch: make sure and check that
       LimitXMLRequestBody fits in system memory in server/core.c,
       server/util.c, server/util_xml.c.
     - CVE-2022-22721
   * SECURITY UPDATE: out-of-bounds write in mod_sed
     - debian/patches/CVE-2022-23943-1.patch: use size_t to allow for larger
       buffer sizes and unsigned arithmetics in modules/filters/libsed.h,
       modules/filters/mod_sed.c, modules/filters/sed1.c.
     - debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
       modules/filters/mod_sed.c.
     - CVE-2022-23943
Checksums-Sha1:
 0ca207f1ea9c90226ddcbf39106c01bdde7ac41c 3912070 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 eda22191b200e5c933c47a1419f173d90fc9609a 1523140 apache2-bin_2.4.48-3.1ubuntu3.3_ppc64el.deb
 b7f04ad36d4564e57a233e78a6fbf183eda50a90 187510 apache2-dev_2.4.48-3.1ubuntu3.3_ppc64el.deb
 0384e1d2ef474dccffb5644ae2511b44e2e3efa9 2986 apache2-ssl-dev_2.4.48-3.1ubuntu3.3_ppc64el.deb
 c7a43fddb3c1e45fb5859a7908e2fcba1bc1fc00 13376 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 977f4467443dae8782b7ddd5d69ca063cef35042 16430 apache2-suexec-custom_2.4.48-3.1ubuntu3.3_ppc64el.deb
 4f8998440f4819fff12ce75939ab5957b2760a13 11956 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 6766b4d51e654eff0532ecf3c13a9091b6fa1873 14740 apache2-suexec-pristine_2.4.48-3.1ubuntu3.3_ppc64el.deb
 21aea9d348f0fb9edcd78c871ffc647ae06c4619 130002 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 decc33c59134e216ba9a41136a4f8fd0c02ae97e 94694 apache2-utils_2.4.48-3.1ubuntu3.3_ppc64el.deb
 4ea4879ddc8d2ec258400c6ec9ae582096243b55 11965 apache2_2.4.48-3.1ubuntu3.3_ppc64el.buildinfo
 d5da478f59a041b418d78e6ec7c87edd69323ef0 97836 apache2_2.4.48-3.1ubuntu3.3_ppc64el.deb
 0a09421dcfd9571b99d4229eb0f1a44110f1656c 804 libapache2-mod-md_2.4.48-3.1ubuntu3.3_ppc64el.deb
 a2384757f4804890a6db9ce1759c49a39ca42f47 990 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.3_ppc64el.deb
Checksums-Sha256:
 d2377ba8a62b29b9aa25e711744937eb1c20b55d67c4891d5daa3ece1a8163d9 3912070 apache2-bin-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 33c2748119b571bc1b5632153057589d36b4388527156f8eb90d35f8467e9d16 1523140 apache2-bin_2.4.48-3.1ubuntu3.3_ppc64el.deb
 d475b1bb31bb8523eee47300efaa2435e1c3447df42c5d7e80ca15f6b09951b1 187510 apache2-dev_2.4.48-3.1ubuntu3.3_ppc64el.deb
 f64aa0fd5ef9c0dc86bf775b0516c8066aa695dc4636203e99a7752d8e5790c6 2986 apache2-ssl-dev_2.4.48-3.1ubuntu3.3_ppc64el.deb
 5a335e343a2daa991e2660cba6652f103f39859a1e36c0b8aeec0ff6958cf75c 13376 apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 c12b072a9e6c8eea419d06f4576d2f1fc5ebd9c76d3ba0f9ab6f1b537d4b58e7 16430 apache2-suexec-custom_2.4.48-3.1ubuntu3.3_ppc64el.deb
 21b5764fcbb49b851df64617dcc4b384037f8f80f111fe434981b72ca4b8f977 11956 apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 476d835a20c1788677b8b01ec23672a513d3e8db31308aafc9c8b34c6c60a74c 14740 apache2-suexec-pristine_2.4.48-3.1ubuntu3.3_ppc64el.deb
 430a5b4bb673e09a3dce648f1ff94025d4ab7f648ec9577a8715d77d6a505d72 130002 apache2-utils-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 6c54a875fc213e01a1ca7e4d2608a1b2668e3dc9b4e08530ef5ebcbd118b5339 94694 apache2-utils_2.4.48-3.1ubuntu3.3_ppc64el.deb
 df89986ee7a999427db6ff662a9d585d14563f93403a2546fd1be48f4e3bf81a 11965 apache2_2.4.48-3.1ubuntu3.3_ppc64el.buildinfo
 51cea5cd8ff2ece137ec5bb5ff3bae51c4637de721286962bf7af4b8d405dcdf 97836 apache2_2.4.48-3.1ubuntu3.3_ppc64el.deb
 136558cf8de96a18515dac761798be02d567056056788ebb5c599fd2efd3b931 804 libapache2-mod-md_2.4.48-3.1ubuntu3.3_ppc64el.deb
 953ebbb164258c945f088fc05722933c5b64ecad32ca7b033f6579407a7cf2fb 990 libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.3_ppc64el.deb
Files:
 a44b95939c0a2b5fd76fc86c3a9bccd3 3912070 debug optional apache2-bin-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 f70cb457834b070b62eb2b655451a1a8 1523140 httpd optional apache2-bin_2.4.48-3.1ubuntu3.3_ppc64el.deb
 be2d5675297fc94bf7e5f1e0c9d691ce 187510 httpd optional apache2-dev_2.4.48-3.1ubuntu3.3_ppc64el.deb
 834d01d92df922ebeddf03b7f6fd8e70 2986 httpd optional apache2-ssl-dev_2.4.48-3.1ubuntu3.3_ppc64el.deb
 6ef8a04477782bc93a62ae0e5e52f34b 13376 debug optional apache2-suexec-custom-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 55dd1b6b72e40ed5b421e72cef75a88d 16430 httpd optional apache2-suexec-custom_2.4.48-3.1ubuntu3.3_ppc64el.deb
 ad34bce27bfd577e45d32d5975540aff 11956 debug optional apache2-suexec-pristine-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 f854c76245e05999658248f2206937ee 14740 httpd optional apache2-suexec-pristine_2.4.48-3.1ubuntu3.3_ppc64el.deb
 a3bc976f0c3fdf9528bbe057bd5cd19d 130002 debug optional apache2-utils-dbgsym_2.4.48-3.1ubuntu3.3_ppc64el.ddeb
 77a593b81fd8421ede6b96e1b0a5fab2 94694 httpd optional apache2-utils_2.4.48-3.1ubuntu3.3_ppc64el.deb
 93aaf03137a26357aded6cffb391a58c 11965 httpd optional apache2_2.4.48-3.1ubuntu3.3_ppc64el.buildinfo
 0b07935afe50513615f9ede68606c9fb 97836 httpd optional apache2_2.4.48-3.1ubuntu3.3_ppc64el.deb
 7eaea41523e67ee2fd7249f2c69a7aac 804 oldlibs optional libapache2-mod-md_2.4.48-3.1ubuntu3.3_ppc64el.deb
 ab2e850ba01ce1396e38b8804275f0e2 990 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.48-3.1ubuntu3.3_ppc64el.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>