Format: 1.8
Date: Tue, 14 Jun 2022 14:52:48 -0300
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: i386
Version: 2.4.29-1ubuntu4.24
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy02-amd64-101.buildd>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.29-1ubuntu4.24) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: HTTP Request Smuggling
     - debian/patches/CVE-2022-26377.patch: changing
       precedence between T-E and C-L in modules/proxy/mod_proxy_ajp.c.
     - CVE-2022-26377
   * SECURITY UPDATE: Read beyond bounds
     - debian/patches/CVE-2022-28614.patch: handle large
       writes in ap_rputs.
       in server/util.c.
     - CVE-2022-28614
   * SECURITY UPDATE: Read beyond bounds
     - debian/patches/CVE-2022-28615.patch: fix types
       in server/util.c.
     - CVE-2022-28615
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2022-29404.patch: cast first
       in modules/lua/lua_request.c.
     - CVE-2022-29404
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2022-30522.patch: limit mod_sed
       memory use in modules/filters/mod_sec.c,
       modules/filters/sed1.c.
     - CVE-2022-30522
   * SECURITY UPDATE: Returning point past of the buffer
     - debian/patches/CVE-2022-30556.patch: use filters consistently
       in modules/lua/lua_request.c.
     - CVE-2022-30556
   * SECURITY UPDATE: Bypass IP authentication
     - debian/patches/CVE-2022-31813.patch: to clear
       hop-by-hop first and fixup last in modules/proxy/proxy_util.c.
     - CVE-2022-31813
Checksums-Sha1:
 fc569a8374b1c88c355e24f0073703b131eb95e8 1140336 apache2-bin_2.4.29-1ubuntu4.24_i386.deb
 2a6399bedee2669185d0a92d07d36bd0c7a57182 3555284 apache2-dbg_2.4.29-1ubuntu4.24_i386.deb
 a934a38417f97972a95d16705ee2aa19c2a6e42a 178072 apache2-dev_2.4.29-1ubuntu4.24_i386.deb
 11ac9ec9bc2382a69bc149c8ca04a84c061ce230 2392 apache2-ssl-dev_2.4.29-1ubuntu4.24_i386.deb
 f8ee36ab64a3bde88c0d8737cb0972904f174a0e 15328 apache2-suexec-custom_2.4.29-1ubuntu4.24_i386.deb
 738a335b91318026090418a4c16c1269b7ed0dc4 13768 apache2-suexec-pristine_2.4.29-1ubuntu4.24_i386.deb
 637eadcd5321feb2a0c74288a55def69e19e2e3a 88604 apache2-utils_2.4.29-1ubuntu4.24_i386.deb
 4e1c97c16b6ca94108c509a350c1dfa297b5258d 10306 apache2_2.4.29-1ubuntu4.24_i386.buildinfo
 4a99542eb9c4c84b7e8e7518108b9b96f7463de9 95132 apache2_2.4.29-1ubuntu4.24_i386.deb
Checksums-Sha256:
 7721ade226b1aff822a33836d6819dc26b3319c1a12120b568a27faa16bede79 1140336 apache2-bin_2.4.29-1ubuntu4.24_i386.deb
 376fad5c631623991885aa3a8d2f0b8d23fa9bcfa95eef6428835823780b1f36 3555284 apache2-dbg_2.4.29-1ubuntu4.24_i386.deb
 e48bd43810cefd19efdb65fd68c5b1d0498718c13754e9466dc905571c5edce7 178072 apache2-dev_2.4.29-1ubuntu4.24_i386.deb
 4292499cfe27a3f90d7ce3861eb650d657dcc8fde1b53739a51733526ac5d302 2392 apache2-ssl-dev_2.4.29-1ubuntu4.24_i386.deb
 1ad31f7a2997de3649c325a190873a6b13771c5f64610c1b599d1a4d2346d7c2 15328 apache2-suexec-custom_2.4.29-1ubuntu4.24_i386.deb
 c25f66539f6bde180d168d627f136791e9a147beae88b97b890c8b7491322998 13768 apache2-suexec-pristine_2.4.29-1ubuntu4.24_i386.deb
 27093526a1d59aefc80bf6f77e2a29d9e2f5865b0a9e653abff9ab253d2c79ea 88604 apache2-utils_2.4.29-1ubuntu4.24_i386.deb
 e2ab73d2954157980090174c77059136f7e5feac9c67b2c204dfb7351810eedb 10306 apache2_2.4.29-1ubuntu4.24_i386.buildinfo
 4f2e687647e921cc8e79de81b3e0cc95790a430c5f52e95b177f17d574f73c33 95132 apache2_2.4.29-1ubuntu4.24_i386.deb
Files:
 bbcd504914716093abda21e9924264d5 1140336 httpd optional apache2-bin_2.4.29-1ubuntu4.24_i386.deb
 e8ac4297bb81963693368425ba858f2f 3555284 debug optional apache2-dbg_2.4.29-1ubuntu4.24_i386.deb
 d6a8c9e0c63deafc96cb91c9f81dfe9a 178072 httpd optional apache2-dev_2.4.29-1ubuntu4.24_i386.deb
 6b70e2b7c951f32620310d873d7f1b4a 2392 httpd optional apache2-ssl-dev_2.4.29-1ubuntu4.24_i386.deb
 d8ad6bdb45e10cf549c8c955a3bd69ae 15328 httpd optional apache2-suexec-custom_2.4.29-1ubuntu4.24_i386.deb
 ebc4055bcb61cb4b1c686fd0611b1ff9 13768 httpd optional apache2-suexec-pristine_2.4.29-1ubuntu4.24_i386.deb
 91879dccde20888de3447f7a1927def8 88604 httpd optional apache2-utils_2.4.29-1ubuntu4.24_i386.deb
 bc9dc6b9d22ba16d91881f367aa0a8d1 10306 httpd optional apache2_2.4.29-1ubuntu4.24_i386.buildinfo
 4b80cfa9c4270ddc5f8fcd01303ef508 95132 httpd optional apache2_2.4.29-1ubuntu4.24_i386.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>