Format: 1.8
Date: Wed, 16 Mar 2022 12:52:53 -0400
Source: apache2
Binary: apache2 apache2-bin apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: amd64 all
Version: 2.4.41-4ubuntu3.10
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.41-4ubuntu3.10) focal-security; urgency=medium
 .
   * SECURITY UPDATE: OOB read in mod_lua via crafted request body
     - debian/patches/CVE-2022-22719.patch: error out if lua_read_body() or
       lua_write_body() fail in modules/lua/lua_request.c.
     - CVE-2022-22719
   * SECURITY UPDATE: HTTP Request Smuggling via error discarding the
     request body
     - debian/patches/CVE-2022-22720.patch: simpler connection close logic
       if discarding the request body fails in
       modules/http/http_filters.c, server/protocol.c.
     - CVE-2022-22720
   * SECURITY UPDATE: overflow via large LimitXMLRequestBody
     - debian/patches/CVE-2022-22721.patch: make sure and check that
       LimitXMLRequestBody fits in system memory in server/core.c,
       server/util.c, server/util_xml.c.
     - CVE-2022-22721
   * SECURITY UPDATE: out-of-bounds write in mod_sed
     - debian/patches/CVE-2022-23943-1.patch: use size_t to allow for
       larger buffer sizes and unsigned arithmetics in
       modules/filters/libsed.h, modules/filters/mod_sed.c,
       modules/filters/sed1.c.
     - debian/patches/CVE-2022-23943-2.patch: improve the logic flow in
       modules/filters/mod_sed.c.
     - CVE-2022-23943
Original-Maintainer: Debian Apache Maintainers