Git : Code : apache2 package : Ubuntu

Ubuntu
apache2 package

View Bazaar branches

Get this repository:: git clone https://git.launchpad.net/ubuntu/+source/apache2

Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name	Last Modified	Last Commit
importer/debian/dsc	2018-07-14 11:05:18 UTC 2018-07-14	DSC file for 2.4.25-3+deb9u5 Author: Ubuntu Git Importer Author Date: 2018-07-14 11:05:18 UTC DSC file for 2.4.25-3+deb9u5
applied/debian/stretch	2018-07-14 10:48:58 UTC 2018-07-14	Import patches-applied version 2.4.25-3+deb9u5 to applied/debian/stretch Author: Stefan Fritsch Author Date: 2018-06-02 08:01:13 UTC Import patches-applied version 2.4.25-3+deb9u5 to applied/debian/stretch Imported using git-ubuntu import. Changelog parent: eff00437e39272c73f9ec9ca0f7f98d1d320a1b3 Unapplied parent: a2414327992905481a8b91346845b3ef3ade4a19 New changelog entries: * Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33. This fixes - CVE-2018-1302: mod_http2: Potential crash w/ mod_http2 - Segfaults in mod_http2 (Closes: #873945) - mod_http2 issue with option "Indexes" and directive "HeaderName" (Closes: #850947) Unfortunately, this also removes support for http2 when running on mpm_prefork. * mod_http2: Avoid high memory usage with large files, causing crashes on 32bit archs. Closes: #897218 * Make the apache-htcacheclean init script actually look into /etc/default/apache-htcacheclean for its config. Closes: #898563 * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap when using too small Accept-Language values. * CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name. Configure the regular expression engine to match '$' to the end of the input string only, excluding matching the end of any embedded newline characters. Behavior can be changed with new directive 'RegexDefaultOptions'. * CVE-2018-1283: Tampering of mod_session data for CGI applications. * CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request * CVE-2018-1303: Possible out of bound read in mod_cache_socache * CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
debian/stretch	2018-07-14 10:48:58 UTC 2018-07-14	Import patches-unapplied version 2.4.25-3+deb9u5 to debian/stretch Author: Stefan Fritsch Author Date: 2018-06-02 08:01:13 UTC Import patches-unapplied version 2.4.25-3+deb9u5 to debian/stretch Imported using git-ubuntu import. Changelog parent: 8bf2e49e6b4e62c7a67f25b37448bd4602afdda5 New changelog entries: * Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33. This fixes - CVE-2018-1302: mod_http2: Potential crash w/ mod_http2 - Segfaults in mod_http2 (Closes: #873945) - mod_http2 issue with option "Indexes" and directive "HeaderName" (Closes: #850947) Unfortunately, this also removes support for http2 when running on mpm_prefork. * mod_http2: Avoid high memory usage with large files, causing crashes on 32bit archs. Closes: #897218 * Make the apache-htcacheclean init script actually look into /etc/default/apache-htcacheclean for its config. Closes: #898563 * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap when using too small Accept-Language values. * CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name. Configure the regular expression engine to match '$' to the end of the input string only, excluding matching the end of any embedded newline characters. Behavior can be changed with new directive 'RegexDefaultOptions'. * CVE-2018-1283: Tampering of mod_session data for CGI applications. * CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request * CVE-2018-1303: Possible out of bound read in mod_cache_socache * CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
importer/ubuntu/dsc	2018-07-05 13:59:18 UTC 2018-07-05	DSC file for 2.4.33-3ubuntu3 Author: Ubuntu Git Importer Author Date: 2018-07-05 13:59:18 UTC DSC file for 2.4.33-3ubuntu3
applied/ubuntu/cosmic-devel	2018-06-28 15:03:19 UTC 2018-06-28	Import patches-applied version 2.4.33-3ubuntu3 to applied/ubuntu/cosmic-proposed Author: Andreas Hasenack Author Date: 2018-06-28 13:07:06 UTC Import patches-applied version 2.4.33-3ubuntu3 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: 2f03e62cb057e242bdf5eca03c77ce1a4c6473aa Unapplied parent: 8bb39de0ce39e4398935f19a1879a0702878f8bf New changelog entries: * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load: re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
ubuntu/cosmic-devel	2018-06-28 15:03:19 UTC 2018-06-28	Import patches-unapplied version 2.4.33-3ubuntu3 to ubuntu/cosmic-proposed Author: Andreas Hasenack Author Date: 2018-06-28 13:07:06 UTC Import patches-unapplied version 2.4.33-3ubuntu3 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: e4b7bdb1ef5523de532bb5ffad7268b40c7aa255 New changelog entries: * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load: re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
applied/ubuntu/cosmic	2018-06-28 15:03:19 UTC 2018-06-28	Import patches-applied version 2.4.33-3ubuntu3 to applied/ubuntu/cosmic-proposed Author: Andreas Hasenack Author Date: 2018-06-28 13:07:06 UTC Import patches-applied version 2.4.33-3ubuntu3 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: 2f03e62cb057e242bdf5eca03c77ce1a4c6473aa Unapplied parent: 8bb39de0ce39e4398935f19a1879a0702878f8bf New changelog entries: * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load: re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
ubuntu/cosmic-proposed	2018-06-28 15:03:19 UTC 2018-06-28	Import patches-unapplied version 2.4.33-3ubuntu3 to ubuntu/cosmic-proposed Author: Andreas Hasenack Author Date: 2018-06-28 13:07:06 UTC Import patches-unapplied version 2.4.33-3ubuntu3 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: e4b7bdb1ef5523de532bb5ffad7268b40c7aa255 New changelog entries: * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load: re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
applied/ubuntu/cosmic-proposed	2018-06-28 15:03:19 UTC 2018-06-28	Import patches-applied version 2.4.33-3ubuntu3 to applied/ubuntu/cosmic-proposed Author: Andreas Hasenack Author Date: 2018-06-28 13:07:06 UTC Import patches-applied version 2.4.33-3ubuntu3 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: 2f03e62cb057e242bdf5eca03c77ce1a4c6473aa Unapplied parent: 8bb39de0ce39e4398935f19a1879a0702878f8bf New changelog entries: * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load: re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
ubuntu/devel	2018-06-28 15:03:19 UTC 2018-06-28	Import patches-unapplied version 2.4.33-3ubuntu3 to ubuntu/cosmic-proposed Author: Andreas Hasenack Author Date: 2018-06-28 13:07:06 UTC Import patches-unapplied version 2.4.33-3ubuntu3 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: e4b7bdb1ef5523de532bb5ffad7268b40c7aa255 New changelog entries: * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load: re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
applied/ubuntu/devel	2018-06-28 15:03:19 UTC 2018-06-28	Import patches-applied version 2.4.33-3ubuntu3 to applied/ubuntu/cosmic-proposed Author: Andreas Hasenack Author Date: 2018-06-28 13:07:06 UTC Import patches-applied version 2.4.33-3ubuntu3 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: 2f03e62cb057e242bdf5eca03c77ce1a4c6473aa Unapplied parent: 8bb39de0ce39e4398935f19a1879a0702878f8bf New changelog entries: * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load: re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
ubuntu/cosmic	2018-06-28 15:03:19 UTC 2018-06-28	Import patches-unapplied version 2.4.33-3ubuntu3 to ubuntu/cosmic-proposed Author: Andreas Hasenack Author Date: 2018-06-28 13:07:06 UTC Import patches-unapplied version 2.4.33-3ubuntu3 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: e4b7bdb1ef5523de532bb5ffad7268b40c7aa255 New changelog entries: * d/control, d/rules, d/config-dir/mods-available/proxy_uwsgi.load: re-enable proxy_uwsgi, as the uwsgi source no longer builds this module.
debian/jessie	2018-06-23 17:05:20 UTC 2018-06-23	Import patches-unapplied version 2.4.10-10+deb8u12 to debian/jessie Author: Stefan Fritsch Author Date: 2018-03-31 09:31:57 UTC Import patches-unapplied version 2.4.10-10+deb8u12 to debian/jessie Imported using git-ubuntu import. Changelog parent: 2c986900081af76f74ef6d53bd789ecf4497af8e New changelog entries: * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap when using too small Accept-Language values. * CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name. Configure the regular expression engine to match '$' to the end of the input string only, excluding matching the end of any embedded newline characters. Behavior can be changed with new directive 'RegexDefaultOptions'. * CVE-2018-1283: Tampering of mod_session data for CGI applications. * CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request * CVE-2018-1303: Possible out of bound read in mod_cache_socache * CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
applied/debian/jessie	2018-06-23 17:05:20 UTC 2018-06-23	Import patches-applied version 2.4.10-10+deb8u12 to applied/debian/jessie Author: Stefan Fritsch Author Date: 2018-03-31 09:31:57 UTC Import patches-applied version 2.4.10-10+deb8u12 to applied/debian/jessie Imported using git-ubuntu import. Changelog parent: 00e390572793fa6a05c5e856c4800602946e1a18 Unapplied parent: c4596a9809422583e0b43d77aa93bcc4edb1d15f New changelog entries: * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap when using too small Accept-Language values. * CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name. Configure the regular expression engine to match '$' to the end of the input string only, excluding matching the end of any embedded newline characters. Behavior can be changed with new directive 'RegexDefaultOptions'. * CVE-2018-1283: Tampering of mod_session data for CGI applications. * CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request * CVE-2018-1303: Possible out of bound read in mod_cache_socache * CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
applied/ubuntu/xenial-proposed	2018-06-13 15:03:15 UTC 2018-06-13	Import patches-applied version 2.4.18-2ubuntu3.9 to applied/ubuntu/xenial-pro... Author: Andreas Hasenack Author Date: 2018-06-07 19:43:03 UTC Import patches-applied version 2.4.18-2ubuntu3.9 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: b5d462cf6d8bda9c03c94365002304f837714907 Unapplied parent: 1aad28c0a259d04f7e5960d9cb82c3ccfc0b31f7 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
applied/ubuntu/xenial-updates	2018-06-13 15:03:15 UTC 2018-06-13	Import patches-applied version 2.4.18-2ubuntu3.9 to applied/ubuntu/xenial-pro... Author: Andreas Hasenack Author Date: 2018-06-07 19:43:03 UTC Import patches-applied version 2.4.18-2ubuntu3.9 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: b5d462cf6d8bda9c03c94365002304f837714907 Unapplied parent: 1aad28c0a259d04f7e5960d9cb82c3ccfc0b31f7 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
ubuntu/xenial-devel	2018-06-13 15:03:15 UTC 2018-06-13	Import patches-unapplied version 2.4.18-2ubuntu3.9 to ubuntu/xenial-proposed Author: Andreas Hasenack Author Date: 2018-06-07 19:43:03 UTC Import patches-unapplied version 2.4.18-2ubuntu3.9 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 70003688226c7b2b0040a7bb651616a86e4f1b50 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
ubuntu/xenial-proposed	2018-06-13 15:03:15 UTC 2018-06-13	Import patches-unapplied version 2.4.18-2ubuntu3.9 to ubuntu/xenial-proposed Author: Andreas Hasenack Author Date: 2018-06-07 19:43:03 UTC Import patches-unapplied version 2.4.18-2ubuntu3.9 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 70003688226c7b2b0040a7bb651616a86e4f1b50 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
ubuntu/xenial-updates	2018-06-13 15:03:15 UTC 2018-06-13	Import patches-unapplied version 2.4.18-2ubuntu3.9 to ubuntu/xenial-proposed Author: Andreas Hasenack Author Date: 2018-06-07 19:43:03 UTC Import patches-unapplied version 2.4.18-2ubuntu3.9 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 70003688226c7b2b0040a7bb651616a86e4f1b50 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
applied/ubuntu/xenial-devel	2018-06-13 15:03:15 UTC 2018-06-13	Import patches-applied version 2.4.18-2ubuntu3.9 to applied/ubuntu/xenial-pro... Author: Andreas Hasenack Author Date: 2018-06-07 19:43:03 UTC Import patches-applied version 2.4.18-2ubuntu3.9 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: b5d462cf6d8bda9c03c94365002304f837714907 Unapplied parent: 1aad28c0a259d04f7e5960d9cb82c3ccfc0b31f7 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
ubuntu/artful-devel	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-unapplied version 2.4.27-2ubuntu4.2 to ubuntu/artful-proposed Author: Andreas Hasenack Author Date: 2018-06-07 20:53:23 UTC Import patches-unapplied version 2.4.27-2ubuntu4.2 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: cbc32000dfcc49bf646d2453fa1b15f7c2075c8c New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
ubuntu/bionic-devel	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-unapplied version 2.4.29-1ubuntu4.2 to ubuntu/bionic-proposed Author: Andreas Hasenack Author Date: 2018-06-07 21:10:10 UTC Import patches-unapplied version 2.4.29-1ubuntu4.2 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 6c8f20d9ae1e908fc845bee1b80669f70153f127 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
applied/ubuntu/artful-updates	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-applied version 2.4.27-2ubuntu4.2 to applied/ubuntu/artful-pro... Author: Andreas Hasenack Author Date: 2018-06-07 20:53:23 UTC Import patches-applied version 2.4.27-2ubuntu4.2 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: fd5338f20b378326a61beb4dbbc6e669e496b4bb Unapplied parent: 642df2d682545baf86a0432c70bf133875b1f9c6 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
applied/ubuntu/bionic-updates	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-applied version 2.4.29-1ubuntu4.2 to applied/ubuntu/bionic-pro... Author: Andreas Hasenack Author Date: 2018-06-07 21:10:10 UTC Import patches-applied version 2.4.29-1ubuntu4.2 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: f0d7f7c32eac714ea0aba80756bee850bbafe11a Unapplied parent: 5b282a70c57b44c520e89968762e4d5bf1d70aaf New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
ubuntu/bionic-updates	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-unapplied version 2.4.29-1ubuntu4.2 to ubuntu/bionic-proposed Author: Andreas Hasenack Author Date: 2018-06-07 21:10:10 UTC Import patches-unapplied version 2.4.29-1ubuntu4.2 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 6c8f20d9ae1e908fc845bee1b80669f70153f127 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
applied/ubuntu/artful-proposed	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-applied version 2.4.27-2ubuntu4.2 to applied/ubuntu/artful-pro... Author: Andreas Hasenack Author Date: 2018-06-07 20:53:23 UTC Import patches-applied version 2.4.27-2ubuntu4.2 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: fd5338f20b378326a61beb4dbbc6e669e496b4bb Unapplied parent: 642df2d682545baf86a0432c70bf133875b1f9c6 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
ubuntu/artful-proposed	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-unapplied version 2.4.27-2ubuntu4.2 to ubuntu/artful-proposed Author: Andreas Hasenack Author Date: 2018-06-07 20:53:23 UTC Import patches-unapplied version 2.4.27-2ubuntu4.2 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: cbc32000dfcc49bf646d2453fa1b15f7c2075c8c New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
applied/ubuntu/artful-devel	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-applied version 2.4.27-2ubuntu4.2 to applied/ubuntu/artful-pro... Author: Andreas Hasenack Author Date: 2018-06-07 20:53:23 UTC Import patches-applied version 2.4.27-2ubuntu4.2 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: fd5338f20b378326a61beb4dbbc6e669e496b4bb Unapplied parent: 642df2d682545baf86a0432c70bf133875b1f9c6 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
ubuntu/bionic-proposed	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-unapplied version 2.4.29-1ubuntu4.2 to ubuntu/bionic-proposed Author: Andreas Hasenack Author Date: 2018-06-07 21:10:10 UTC Import patches-unapplied version 2.4.29-1ubuntu4.2 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 6c8f20d9ae1e908fc845bee1b80669f70153f127 New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
ubuntu/artful-updates	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-unapplied version 2.4.27-2ubuntu4.2 to ubuntu/artful-proposed Author: Andreas Hasenack Author Date: 2018-06-07 20:53:23 UTC Import patches-unapplied version 2.4.27-2ubuntu4.2 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: cbc32000dfcc49bf646d2453fa1b15f7c2075c8c New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
applied/ubuntu/bionic-devel	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-applied version 2.4.29-1ubuntu4.2 to applied/ubuntu/bionic-pro... Author: Andreas Hasenack Author Date: 2018-06-07 21:10:10 UTC Import patches-applied version 2.4.29-1ubuntu4.2 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: f0d7f7c32eac714ea0aba80756bee850bbafe11a Unapplied parent: 5b282a70c57b44c520e89968762e4d5bf1d70aaf New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
applied/ubuntu/bionic-proposed	2018-06-13 14:58:14 UTC 2018-06-13	Import patches-applied version 2.4.29-1ubuntu4.2 to applied/ubuntu/bionic-pro... Author: Andreas Hasenack Author Date: 2018-06-07 21:10:10 UTC Import patches-applied version 2.4.29-1ubuntu4.2 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: f0d7f7c32eac714ea0aba80756bee850bbafe11a Unapplied parent: 5b282a70c57b44c520e89968762e4d5bf1d70aaf New changelog entries: * debian/patches/includeoptional-ignore-non-existent.patch: silently ignore a not existent file path with IncludeOptional . Closes LP: #1766186.
debian/sid	2018-05-05 16:27:15 UTC 2018-05-05	Import patches-unapplied version 2.4.33-3 to debian/sid Author: Stefan Fritsch Author Date: 2018-05-05 09:34:47 UTC Import patches-unapplied version 2.4.33-3 to debian/sid Imported using git-ubuntu import. Changelog parent: b13a69a4c7ec1ab4ee90a70d5dff9e013a2d26d0 New changelog entries: * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too. Closes: #894785 * mod_http2: Avoid high memory usage with large files, causing crashes on 32bit archs. Closes: #897218 * Migrate from alioth to salsa.
applied/debian/sid	2018-05-05 16:27:15 UTC 2018-05-05	Import patches-applied version 2.4.33-3 to applied/debian/sid Author: Stefan Fritsch Author Date: 2018-05-05 09:34:47 UTC Import patches-applied version 2.4.33-3 to applied/debian/sid Imported using git-ubuntu import. Changelog parent: 10445e2b055d061dd4674d6353fa50a6332e529d Unapplied parent: 88f5a3b29246183c6598928980b805ac6e2a008d New changelog entries: * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too. Closes: #894785 * mod_http2: Avoid high memory usage with large files, causing crashes on 32bit archs. Closes: #897218 * Migrate from alioth to salsa.
debian/buster	2018-05-05 16:27:15 UTC 2018-05-05	Import patches-unapplied version 2.4.33-3 to debian/sid Author: Stefan Fritsch Author Date: 2018-05-05 09:34:47 UTC Import patches-unapplied version 2.4.33-3 to debian/sid Imported using git-ubuntu import. Changelog parent: b13a69a4c7ec1ab4ee90a70d5dff9e013a2d26d0 New changelog entries: * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too. Closes: #894785 * mod_http2: Avoid high memory usage with large files, causing crashes on 32bit archs. Closes: #897218 * Migrate from alioth to salsa.
applied/debian/buster	2018-05-05 16:27:15 UTC 2018-05-05	Import patches-applied version 2.4.33-3 to applied/debian/sid Author: Stefan Fritsch Author Date: 2018-05-05 09:34:47 UTC Import patches-applied version 2.4.33-3 to applied/debian/sid Imported using git-ubuntu import. Changelog parent: 10445e2b055d061dd4674d6353fa50a6332e529d Unapplied parent: 88f5a3b29246183c6598928980b805ac6e2a008d New changelog entries: * Add Breaks for libapache2-mod-proxy-uwsgi and libapache2-mod-md, too. Closes: #894785 * mod_http2: Avoid high memory usage with large files, causing crashes on 32bit archs. Closes: #897218 * Migrate from alioth to salsa.
ubuntu/bionic-security	2018-04-30 16:38:13 UTC 2018-04-30	Import patches-unapplied version 2.4.29-1ubuntu4.1 to ubuntu/bionic-security Author: Marc Deslauriers Author Date: 2018-04-25 11:38:24 UTC Import patches-unapplied version 2.4.29-1ubuntu4.1 to ubuntu/bionic-security Imported using git-ubuntu import. Changelog parent: cb2b84735ee83e83e8d277ce4a346fff956f7fd4 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
applied/ubuntu/bionic-security	2018-04-30 16:38:13 UTC 2018-04-30	Import patches-applied version 2.4.29-1ubuntu4.1 to applied/ubuntu/bionic-sec... Author: Marc Deslauriers Author Date: 2018-04-25 11:38:24 UTC Import patches-applied version 2.4.29-1ubuntu4.1 to applied/ubuntu/bionic-security Imported using git-ubuntu import. Changelog parent: 9c89ce13486f9c46d565b509ae545885b4635160 Unapplied parent: b92c71068b776e47776f122c8227475ecf83ce9c New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
ubuntu/trusty-updates	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-unapplied version 2.4.7-1ubuntu4.20 to ubuntu/trusty-security Author: Marc Deslauriers Author Date: 2018-04-18 15:13:36 UTC Import patches-unapplied version 2.4.7-1ubuntu4.20 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: d9db5529d303ec4e7cc77ba09f647d9f75f00929 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
applied/ubuntu/trusty-updates	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-applied version 2.4.7-1ubuntu4.20 to applied/ubuntu/trusty-sec... Author: Marc Deslauriers Author Date: 2018-04-18 15:13:36 UTC Import patches-applied version 2.4.7-1ubuntu4.20 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 5d40a9755d90607e849f9726d1ef4259ca3df267 Unapplied parent: 9d776cde107003d7fa83668459e3819caa0a6e79 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
ubuntu/trusty-security	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-unapplied version 2.4.7-1ubuntu4.20 to ubuntu/trusty-security Author: Marc Deslauriers Author Date: 2018-04-18 15:13:36 UTC Import patches-unapplied version 2.4.7-1ubuntu4.20 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: d9db5529d303ec4e7cc77ba09f647d9f75f00929 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
applied/ubuntu/trusty-security	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-applied version 2.4.7-1ubuntu4.20 to applied/ubuntu/trusty-sec... Author: Marc Deslauriers Author Date: 2018-04-18 15:13:36 UTC Import patches-applied version 2.4.7-1ubuntu4.20 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 5d40a9755d90607e849f9726d1ef4259ca3df267 Unapplied parent: 9d776cde107003d7fa83668459e3819caa0a6e79 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
ubuntu/trusty-devel	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-unapplied version 2.4.7-1ubuntu4.20 to ubuntu/trusty-security Author: Marc Deslauriers Author Date: 2018-04-18 15:13:36 UTC Import patches-unapplied version 2.4.7-1ubuntu4.20 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: d9db5529d303ec4e7cc77ba09f647d9f75f00929 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
applied/ubuntu/artful-security	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-applied version 2.4.27-2ubuntu4.1 to applied/ubuntu/artful-sec... Author: Marc Deslauriers Author Date: 2018-04-18 14:20:05 UTC Import patches-applied version 2.4.27-2ubuntu4.1 to applied/ubuntu/artful-security Imported using git-ubuntu import. Changelog parent: 4cbcac15d53554def83f1ce8815ed41072705790 Unapplied parent: c8d6bd075d7b5cd749d1ab0ab8967330d73fbee5 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
ubuntu/artful-security	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-unapplied version 2.4.27-2ubuntu4.1 to ubuntu/artful-security Author: Marc Deslauriers Author Date: 2018-04-18 14:20:05 UTC Import patches-unapplied version 2.4.27-2ubuntu4.1 to ubuntu/artful-security Imported using git-ubuntu import. Changelog parent: c7c79f29748d24bb5f9fbc71b131aef8cc4117c2 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
ubuntu/xenial-security	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-unapplied version 2.4.18-2ubuntu3.8 to ubuntu/xenial-security Author: Marc Deslauriers Author Date: 2018-04-18 14:53:04 UTC Import patches-unapplied version 2.4.18-2ubuntu3.8 to ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: ad98b12e5bbe8e87b62464dc6422eb7b01ace3a5 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
applied/ubuntu/trusty-devel	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-applied version 2.4.7-1ubuntu4.20 to applied/ubuntu/trusty-sec... Author: Marc Deslauriers Author Date: 2018-04-18 15:13:36 UTC Import patches-applied version 2.4.7-1ubuntu4.20 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 5d40a9755d90607e849f9726d1ef4259ca3df267 Unapplied parent: 9d776cde107003d7fa83668459e3819caa0a6e79 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
applied/ubuntu/xenial-security	2018-04-19 12:28:31 UTC 2018-04-19	Import patches-applied version 2.4.18-2ubuntu3.8 to applied/ubuntu/xenial-sec... Author: Marc Deslauriers Author Date: 2018-04-18 14:53:04 UTC Import patches-applied version 2.4.18-2ubuntu3.8 to applied/ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: c5c1fc6a98a5b18c3081d59f43f062c4d48ebe91 Unapplied parent: e2adc132f8895073c019e5603682b48096301441 New changelog entries: * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig - debian/patches/CVE-2017-15710.patch: fix language long names detection as short name in modules/aaa/mod_authnz_ldap.c. - CVE-2017-15710 * SECURITY UPDATE: incorrect <FilesMatch> matching - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to include/httpd.h, server/util.c. - debian/patches/CVE-2017-15715.patch: allow to configure global/default options for regexes, like caseless matching or extended format in include/ap_regex.h, server/core.c, server/util_pcre.c. - CVE-2017-15715 * SECURITY UPDATE: mod_session header manipulation - debian/patches/CVE-2018-1283.patch: strip Session header when SessionEnv is on in modules/session/mod_session.c. - CVE-2018-1283 * SECURITY UPDATE: DoS via specially-crafted request - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL terminated on any error, not only on buffer full in server/protocol.c. - CVE-2018-1301 * SECURITY UPDATE: mod_cache_socache DoS - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up to carriage return in modules/cache/mod_cache_socache.c. - CVE-2018-1303 * SECURITY UPDATE: insecure nonce generation - debian/patches/CVE-2018-1312.patch: actually use the secret when generating nonces in modules/aaa/mod_auth_digest.c. - CVE-2018-1312
ubuntu/trusty-proposed	2018-04-05 19:24:24 UTC 2018-04-05	Import patches-unapplied version 2.4.7-1ubuntu4.19 to ubuntu/trusty-proposed Author: Rafael David Tinoco Author Date: 2018-03-02 01:48:33 UTC Import patches-unapplied version 2.4.7-1ubuntu4.19 to ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: 4ce8f475fe1a7c4af97f6dc09ecf28efdee0d12b New changelog entries: * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683) - added debian/patches/util_ldap_cache_lock_fix.patch
applied/ubuntu/trusty-proposed	2018-04-05 19:24:24 UTC 2018-04-05	Import patches-applied version 2.4.7-1ubuntu4.19 to applied/ubuntu/trusty-pro... Author: Rafael David Tinoco Author Date: 2018-03-02 01:48:33 UTC Import patches-applied version 2.4.7-1ubuntu4.19 to applied/ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: e3ed742db79475a994cf0aeb86af0b47d8482265 Unapplied parent: 64cb5d64c35f0e6e24f73beafdcc2541dfeaa469 New changelog entries: * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683) - added debian/patches/util_ldap_cache_lock_fix.patch
importer/debian/pristine-tar	2018-03-31 04:34:04 UTC 2018-03-31	pristine-tar data for apache2_2.4.33.orig.tar.bz2 Author: Ubuntu Git Importer Author Date: 2018-03-31 04:34:04 UTC pristine-tar data for apache2_2.4.33.orig.tar.bz2
applied/ubuntu/bionic	2018-03-29 13:13:40 UTC 2018-03-29	Import patches-applied version 2.4.29-1ubuntu4 to applied/ubuntu/bionic-proposed Author: Rafael David Tinoco Author Date: 2018-03-02 02:19:31 UTC Import patches-applied version 2.4.29-1ubuntu4 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: e6a5ba316444c6a85aad977dc10a7ed7b1e830e3 Unapplied parent: 5f28e42a84d851b044f2aa09adaa6e79ea98871d New changelog entries: * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683) - added debian/patches/util_ldap_cache_lock_fix.patch
ubuntu/bionic	2018-03-29 13:13:40 UTC 2018-03-29	Import patches-unapplied version 2.4.29-1ubuntu4 to ubuntu/bionic-proposed Author: Rafael David Tinoco Author Date: 2018-03-02 02:19:31 UTC Import patches-unapplied version 2.4.29-1ubuntu4 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 37630b8cc1dfd80c1b632f3e56c6a507e68d17be New changelog entries: * Avoid crashes, hangs and loops by fixing mod_ldap locking: (LP: #1752683) - added debian/patches/util_ldap_cache_lock_fix.patch
importer/ubuntu/pristine-tar	2018-03-07 17:08:01 UTC 2018-03-07	pristine-tar data for apache2_2.4.29.orig.tar.gz Author: Ubuntu Git Importer Author Date: 2018-03-07 17:08:01 UTC pristine-tar data for apache2_2.4.29.orig.tar.gz
ubuntu/zesty-devel	2017-09-19 17:24:04 UTC 2017-09-19	Import patches-unapplied version 2.4.25-3ubuntu2.3 to ubuntu/zesty-security Author: Marc Deslauriers Author Date: 2017-09-18 15:08:28 UTC Import patches-unapplied version 2.4.25-3ubuntu2.3 to ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 8840cd42bf40a2c00ee0748841c259cc96f7a7df New changelog entries: * SECURITY UPDATE: optionsbleed information leak - debian/patches/CVE-2017-9798.patch: disallow method registration at run time in server/core.c. - CVE-2017-9798
applied/ubuntu/zesty-devel	2017-09-19 17:24:04 UTC 2017-09-19	Import patches-applied version 2.4.25-3ubuntu2.3 to applied/ubuntu/zesty-secu... Author: Marc Deslauriers Author Date: 2017-09-18 15:08:28 UTC Import patches-applied version 2.4.25-3ubuntu2.3 to applied/ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: e391d728f15d6a2fa6a4ddde7cf4121ccca6d9d2 Unapplied parent: 4c6e6ab90f12f4ef7f1a84ab40c605c925d42ab3 New changelog entries: * SECURITY UPDATE: optionsbleed information leak - debian/patches/CVE-2017-9798.patch: disallow method registration at run time in server/core.c. - CVE-2017-9798
applied/ubuntu/zesty-updates	2017-09-19 17:24:04 UTC 2017-09-19	Import patches-applied version 2.4.25-3ubuntu2.3 to applied/ubuntu/zesty-secu... Author: Marc Deslauriers Author Date: 2017-09-18 15:08:28 UTC Import patches-applied version 2.4.25-3ubuntu2.3 to applied/ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: e391d728f15d6a2fa6a4ddde7cf4121ccca6d9d2 Unapplied parent: 4c6e6ab90f12f4ef7f1a84ab40c605c925d42ab3 New changelog entries: * SECURITY UPDATE: optionsbleed information leak - debian/patches/CVE-2017-9798.patch: disallow method registration at run time in server/core.c. - CVE-2017-9798
ubuntu/zesty-updates	2017-09-19 17:24:04 UTC 2017-09-19	Import patches-unapplied version 2.4.25-3ubuntu2.3 to ubuntu/zesty-security Author: Marc Deslauriers Author Date: 2017-09-18 15:08:28 UTC Import patches-unapplied version 2.4.25-3ubuntu2.3 to ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 8840cd42bf40a2c00ee0748841c259cc96f7a7df New changelog entries: * SECURITY UPDATE: optionsbleed information leak - debian/patches/CVE-2017-9798.patch: disallow method registration at run time in server/core.c. - CVE-2017-9798
applied/ubuntu/zesty-security	2017-09-19 17:24:04 UTC 2017-09-19	Import patches-applied version 2.4.25-3ubuntu2.3 to applied/ubuntu/zesty-secu... Author: Marc Deslauriers Author Date: 2017-09-18 15:08:28 UTC Import patches-applied version 2.4.25-3ubuntu2.3 to applied/ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: e391d728f15d6a2fa6a4ddde7cf4121ccca6d9d2 Unapplied parent: 4c6e6ab90f12f4ef7f1a84ab40c605c925d42ab3 New changelog entries: * SECURITY UPDATE: optionsbleed information leak - debian/patches/CVE-2017-9798.patch: disallow method registration at run time in server/core.c. - CVE-2017-9798
ubuntu/zesty-security	2017-09-19 17:24:04 UTC 2017-09-19	Import patches-unapplied version 2.4.25-3ubuntu2.3 to ubuntu/zesty-security Author: Marc Deslauriers Author Date: 2017-09-18 15:08:28 UTC Import patches-unapplied version 2.4.25-3ubuntu2.3 to ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 8840cd42bf40a2c00ee0748841c259cc96f7a7df New changelog entries: * SECURITY UPDATE: optionsbleed information leak - debian/patches/CVE-2017-9798.patch: disallow method registration at run time in server/core.c. - CVE-2017-9798
applied/ubuntu/artful	2017-09-18 16:54:16 UTC 2017-09-18	Import patches-applied version 2.4.27-2ubuntu3 to applied/ubuntu/artful-proposed Author: Marc Deslauriers Author Date: 2017-09-18 15:05:48 UTC Import patches-applied version 2.4.27-2ubuntu3 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: a9d928beb04c919f0eb42bddd3574598261d3b03 Unapplied parent: b854305b2d29d662ed441f6a66952ab5649ed634 New changelog entries: * SECURITY UPDATE: optionsbleed information leak - debian/patches/CVE-2017-9798.patch: disallow method registration at run time in server/core.c. - CVE-2017-9798
ubuntu/artful	2017-09-18 16:54:16 UTC 2017-09-18	Import patches-unapplied version 2.4.27-2ubuntu3 to ubuntu/artful-proposed Author: Marc Deslauriers Author Date: 2017-09-18 15:05:48 UTC Import patches-unapplied version 2.4.27-2ubuntu3 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: f09ecdf404a45f84d3f6706d7415653f3faa38d7 New changelog entries: * SECURITY UPDATE: optionsbleed information leak - debian/patches/CVE-2017-9798.patch: disallow method registration at run time in server/core.c. - CVE-2017-9798
debian/experimental	2017-08-09 04:27:50 UTC 2017-08-09	Import patches-unapplied version 2.4.27-4 to debian/experimental Author: Stefan Fritsch Author Date: 2017-08-08 19:59:37 UTC Import patches-unapplied version 2.4.27-4 to debian/experimental Imported using git-ubuntu import. Changelog parent: f7ef7e92d24d60f681df739f05081350a628d775 New changelog entries: * Use 'invoke-rc.d' instead of init script in logrotate script. Closes: #857607 * Make the apache-htcacheclean init script actually look into /etc/default/apache-htcacheclean for its config. LP: #1691495 * mime.conf: Guard AddOutputFilter INCLUDES with proper <IfModule>. LP: #1675184 * Use 'service' instead of init script in monit example config. * Bump Standards-Version to 4.0.1. Other changes: - change package priorities from extra to optional * Use libprotocol-http2-perl in autopkgtest. * Update test suite to svn r1804214. * Various tweaks to the test suite autopkgtest to avoid having to skip any test. * Also remove -DBUILD_DATETIME and -fdebug-prefix-map from config_vars.mk to avoid them being used by apxs. * deflate.conf: Remove mention of MSIE6
applied/debian/experimental	2017-08-09 04:27:50 UTC 2017-08-09	Import patches-applied version 2.4.27-4 to applied/debian/experimental Author: Stefan Fritsch Author Date: 2017-08-08 19:59:37 UTC Import patches-applied version 2.4.27-4 to applied/debian/experimental Imported using git-ubuntu import. Changelog parent: de4d68c17b6c366eaed7527386ac0b365b227b8c Unapplied parent: 750c574d225db8c1f1c796236fc6674648ca780c New changelog entries: * Use 'invoke-rc.d' instead of init script in logrotate script. Closes: #857607 * Make the apache-htcacheclean init script actually look into /etc/default/apache-htcacheclean for its config. LP: #1691495 * mime.conf: Guard AddOutputFilter INCLUDES with proper <IfModule>. LP: #1675184 * Use 'service' instead of init script in monit example config. * Bump Standards-Version to 4.0.1. Other changes: - change package priorities from extra to optional * Use libprotocol-http2-perl in autopkgtest. * Update test suite to svn r1804214. * Various tweaks to the test suite autopkgtest to avoid having to skip any test. * Also remove -DBUILD_DATETIME and -fdebug-prefix-map from config_vars.mk to avoid them being used by apxs. * deflate.conf: Remove mention of MSIE6
applied/ubuntu/yakkety-updates	2017-06-26 17:13:38 UTC 2017-06-26	Import patches-applied version 2.4.18-2ubuntu4.2 to applied/ubuntu/yakkety-se... Author: Marc Deslauriers Author Date: 2017-06-26 11:57:04 UTC Import patches-applied version 2.4.18-2ubuntu4.2 to applied/ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 59181d55c088186b8fdbac93ebfecb6ecb77799b Unapplied parent: 20f84083a9f4578ac55e63b09549b1abce1b36d7 New changelog entries: * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw() - debian/patches/CVE-2017-3167.patch: deprecate and replace ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h, server/protocol.c, server/request.c. - CVE-2017-3167 * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection() - debian/patches/CVE-2017-3169.patch: fix ctx passed to ssl_io_filter_error() in modules/ssl/ssl_engine_io.c. - CVE-2017-3169 * SECURITY UPDATE: denial of service and possible incorrect value return in HTTP strict parsing changes - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in server/util.c. - CVE-2017-7668 * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in modules/http/mod_mime.c. - CVE-2017-7679
applied/ubuntu/yakkety-security	2017-06-26 17:13:38 UTC 2017-06-26	Import patches-applied version 2.4.18-2ubuntu4.2 to applied/ubuntu/yakkety-se... Author: Marc Deslauriers Author Date: 2017-06-26 11:57:04 UTC Import patches-applied version 2.4.18-2ubuntu4.2 to applied/ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 59181d55c088186b8fdbac93ebfecb6ecb77799b Unapplied parent: 20f84083a9f4578ac55e63b09549b1abce1b36d7 New changelog entries: * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw() - debian/patches/CVE-2017-3167.patch: deprecate and replace ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h, server/protocol.c, server/request.c. - CVE-2017-3167 * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection() - debian/patches/CVE-2017-3169.patch: fix ctx passed to ssl_io_filter_error() in modules/ssl/ssl_engine_io.c. - CVE-2017-3169 * SECURITY UPDATE: denial of service and possible incorrect value return in HTTP strict parsing changes - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in server/util.c. - CVE-2017-7668 * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in modules/http/mod_mime.c. - CVE-2017-7679
ubuntu/yakkety-devel	2017-06-26 17:13:38 UTC 2017-06-26	Import patches-unapplied version 2.4.18-2ubuntu4.2 to ubuntu/yakkety-security Author: Marc Deslauriers Author Date: 2017-06-26 11:57:04 UTC Import patches-unapplied version 2.4.18-2ubuntu4.2 to ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 0f872b4a1d471912b5ed65424bd22f3e11b801d7 New changelog entries: * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw() - debian/patches/CVE-2017-3167.patch: deprecate and replace ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h, server/protocol.c, server/request.c. - CVE-2017-3167 * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection() - debian/patches/CVE-2017-3169.patch: fix ctx passed to ssl_io_filter_error() in modules/ssl/ssl_engine_io.c. - CVE-2017-3169 * SECURITY UPDATE: denial of service and possible incorrect value return in HTTP strict parsing changes - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in server/util.c. - CVE-2017-7668 * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in modules/http/mod_mime.c. - CVE-2017-7679
ubuntu/yakkety-security	2017-06-26 17:13:38 UTC 2017-06-26	Import patches-unapplied version 2.4.18-2ubuntu4.2 to ubuntu/yakkety-security Author: Marc Deslauriers Author Date: 2017-06-26 11:57:04 UTC Import patches-unapplied version 2.4.18-2ubuntu4.2 to ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 0f872b4a1d471912b5ed65424bd22f3e11b801d7 New changelog entries: * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw() - debian/patches/CVE-2017-3167.patch: deprecate and replace ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h, server/protocol.c, server/request.c. - CVE-2017-3167 * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection() - debian/patches/CVE-2017-3169.patch: fix ctx passed to ssl_io_filter_error() in modules/ssl/ssl_engine_io.c. - CVE-2017-3169 * SECURITY UPDATE: denial of service and possible incorrect value return in HTTP strict parsing changes - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in server/util.c. - CVE-2017-7668 * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in modules/http/mod_mime.c. - CVE-2017-7679
ubuntu/yakkety-updates	2017-06-26 17:13:38 UTC 2017-06-26	Import patches-unapplied version 2.4.18-2ubuntu4.2 to ubuntu/yakkety-security Author: Marc Deslauriers Author Date: 2017-06-26 11:57:04 UTC Import patches-unapplied version 2.4.18-2ubuntu4.2 to ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 0f872b4a1d471912b5ed65424bd22f3e11b801d7 New changelog entries: * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw() - debian/patches/CVE-2017-3167.patch: deprecate and replace ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h, server/protocol.c, server/request.c. - CVE-2017-3167 * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection() - debian/patches/CVE-2017-3169.patch: fix ctx passed to ssl_io_filter_error() in modules/ssl/ssl_engine_io.c. - CVE-2017-3169 * SECURITY UPDATE: denial of service and possible incorrect value return in HTTP strict parsing changes - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in server/util.c. - CVE-2017-7668 * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in modules/http/mod_mime.c. - CVE-2017-7679
applied/ubuntu/yakkety-devel	2017-06-26 17:13:38 UTC 2017-06-26	Import patches-applied version 2.4.18-2ubuntu4.2 to applied/ubuntu/yakkety-se... Author: Marc Deslauriers Author Date: 2017-06-26 11:57:04 UTC Import patches-applied version 2.4.18-2ubuntu4.2 to applied/ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 59181d55c088186b8fdbac93ebfecb6ecb77799b Unapplied parent: 20f84083a9f4578ac55e63b09549b1abce1b36d7 New changelog entries: * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw() - debian/patches/CVE-2017-3167.patch: deprecate and replace ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h, server/protocol.c, server/request.c. - CVE-2017-3167 * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection() - debian/patches/CVE-2017-3169.patch: fix ctx passed to ssl_io_filter_error() in modules/ssl/ssl_engine_io.c. - CVE-2017-3169 * SECURITY UPDATE: denial of service and possible incorrect value return in HTTP strict parsing changes - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in server/util.c. - CVE-2017-7668 * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in modules/http/mod_mime.c. - CVE-2017-7679
applied/ubuntu/zesty	2017-02-10 17:03:26 UTC 2017-02-10	Import patches-applied version 2.4.25-3ubuntu2 to applied/ubuntu/zesty-proposed Author: Nish Aravamudan Author Date: 2017-02-10 16:53:43 UTC Import patches-applied version 2.4.25-3ubuntu2 to applied/ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: c104dcc49e7323e1d3aca5e7aefae424c3cbd16f Unapplied parent: 76f1c069823774bac311b0800f8910f2bf6c8124 New changelog entries: * Undrop (LP 1658469): - Don't build experimental http2 module for LTS: + debian/control: removed libnghttp2-dev Build-Depends (in universe). + debian/config-dir/mods-available/http2.load: removed. + debian/rules: removed proxy_http2 from configure. + debian/apache2.maintscript: remove http2 conffile.
applied/ubuntu/zesty-proposed	2017-02-10 17:03:26 UTC 2017-02-10	Import patches-applied version 2.4.25-3ubuntu2 to applied/ubuntu/zesty-proposed Author: Nish Aravamudan Author Date: 2017-02-10 16:53:43 UTC Import patches-applied version 2.4.25-3ubuntu2 to applied/ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: c104dcc49e7323e1d3aca5e7aefae424c3cbd16f Unapplied parent: 76f1c069823774bac311b0800f8910f2bf6c8124 New changelog entries: * Undrop (LP 1658469): - Don't build experimental http2 module for LTS: + debian/control: removed libnghttp2-dev Build-Depends (in universe). + debian/config-dir/mods-available/http2.load: removed. + debian/rules: removed proxy_http2 from configure. + debian/apache2.maintscript: remove http2 conffile.
ubuntu/zesty	2017-02-10 17:03:26 UTC 2017-02-10	Import patches-unapplied version 2.4.25-3ubuntu2 to ubuntu/zesty-proposed Author: Nish Aravamudan Author Date: 2017-02-10 16:53:43 UTC Import patches-unapplied version 2.4.25-3ubuntu2 to ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: f110b98a2e759a131e5fa7b6b13c58d73f6c1550 New changelog entries: * Undrop (LP 1658469): - Don't build experimental http2 module for LTS: + debian/control: removed libnghttp2-dev Build-Depends (in universe). + debian/config-dir/mods-available/http2.load: removed. + debian/rules: removed proxy_http2 from configure. + debian/apache2.maintscript: remove http2 conffile.
ubuntu/zesty-proposed	2017-02-10 17:03:26 UTC 2017-02-10	Import patches-unapplied version 2.4.25-3ubuntu2 to ubuntu/zesty-proposed Author: Nish Aravamudan Author Date: 2017-02-10 16:53:43 UTC Import patches-unapplied version 2.4.25-3ubuntu2 to ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: f110b98a2e759a131e5fa7b6b13c58d73f6c1550 New changelog entries: * Undrop (LP 1658469): - Don't build experimental http2 module for LTS: + debian/control: removed libnghttp2-dev Build-Depends (in universe). + debian/config-dir/mods-available/http2.load: removed. + debian/rules: removed proxy_http2 from configure. + debian/apache2.maintscript: remove http2 conffile.
applied/ubuntu/trusty-backports	2016-08-31 16:24:27 UTC 2016-08-31	Import patches-applied version 2.4.10-1ubuntu1.1~ubuntu14.04.2 to applied/ubu... Author: Mike Gerow Author Date: 2016-07-21 21:53:00 UTC Import patches-applied version 2.4.10-1ubuntu1.1~ubuntu14.04.2 to applied/ubuntu/trusty-backports Imported using git-ubuntu import. Changelog parent: 46aa6c92efb0b769d76ae9b1fe9cee8bbc0b0593 Unapplied parent: 9cb03113c76117fb38daca7051c91db25f8f1584 New changelog entries: * CVE-2016-5387 (LP: #1604209)
ubuntu/trusty-backports	2016-08-31 16:24:27 UTC 2016-08-31	Import patches-unapplied version 2.4.10-1ubuntu1.1~ubuntu14.04.2 to ubuntu/tr... Author: Mike Gerow Author Date: 2016-07-21 21:53:00 UTC Import patches-unapplied version 2.4.10-1ubuntu1.1~ubuntu14.04.2 to ubuntu/trusty-backports Imported using git-ubuntu import. Changelog parent: 3921bce3edba179bfd690db4379555e796b54371 New changelog entries: * CVE-2016-5387 (LP: #1604209)
applied/ubuntu/yakkety-proposed	2016-07-18 18:59:05 UTC 2016-07-18	Import patches-applied version 2.4.18-2ubuntu4 to applied/ubuntu/yakkety-prop... Author: Marc Deslauriers Author Date: 2016-07-18 18:32:02 UTC Import patches-applied version 2.4.18-2ubuntu4 to applied/ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: cb13433b66d68a397ea0c2fad1a5bfd4d7f55b42 Unapplied parent: 819fa9479958f93eaff872282c2cf57996094589 New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
ubuntu/yakkety-proposed	2016-07-18 18:59:05 UTC 2016-07-18	Import patches-unapplied version 2.4.18-2ubuntu4 to ubuntu/yakkety-proposed Author: Marc Deslauriers Author Date: 2016-07-18 18:32:02 UTC Import patches-unapplied version 2.4.18-2ubuntu4 to ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: e16db65293a582fc13e9b00194ba3287590f5fb6 New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
ubuntu/yakkety	2016-07-18 18:59:05 UTC 2016-07-18	Import patches-unapplied version 2.4.18-2ubuntu4 to ubuntu/yakkety-proposed Author: Marc Deslauriers Author Date: 2016-07-18 18:32:02 UTC Import patches-unapplied version 2.4.18-2ubuntu4 to ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: e16db65293a582fc13e9b00194ba3287590f5fb6 New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
applied/ubuntu/yakkety	2016-07-18 18:59:05 UTC 2016-07-18	Import patches-applied version 2.4.18-2ubuntu4 to applied/ubuntu/yakkety-prop... Author: Marc Deslauriers Author Date: 2016-07-18 18:32:02 UTC Import patches-applied version 2.4.18-2ubuntu4 to applied/ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: cb13433b66d68a397ea0c2fad1a5bfd4d7f55b42 Unapplied parent: 819fa9479958f93eaff872282c2cf57996094589 New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
applied/ubuntu/wily-devel	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-applied version 2.4.12-2ubuntu2.1 to applied/ubuntu/wily-security Author: Marc Deslauriers Author Date: 2016-07-14 12:39:28 UTC Import patches-applied version 2.4.12-2ubuntu2.1 to applied/ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: e6ec171e91b9edc24a30947d128dce2db26b5b80 Unapplied parent: b05dcd36cab02c6460e1ea3d187b3a1253061101 New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
ubuntu/precise-devel	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-unapplied version 2.2.22-1ubuntu1.11 to ubuntu/precise-security Author: Marc Deslauriers Author Date: 2016-07-14 12:50:27 UTC Import patches-unapplied version 2.2.22-1ubuntu1.11 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: e2c1e15f5e252e69dcc8dcf82e92fff7e616714f New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387 * This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in trusty-proposed.
applied/ubuntu/wily-security	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-applied version 2.4.12-2ubuntu2.1 to applied/ubuntu/wily-security Author: Marc Deslauriers Author Date: 2016-07-14 12:39:28 UTC Import patches-applied version 2.4.12-2ubuntu2.1 to applied/ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: e6ec171e91b9edc24a30947d128dce2db26b5b80 Unapplied parent: b05dcd36cab02c6460e1ea3d187b3a1253061101 New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
ubuntu/precise-updates	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-unapplied version 2.2.22-1ubuntu1.11 to ubuntu/precise-security Author: Marc Deslauriers Author Date: 2016-07-14 12:50:27 UTC Import patches-unapplied version 2.2.22-1ubuntu1.11 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: e2c1e15f5e252e69dcc8dcf82e92fff7e616714f New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387 * This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in trusty-proposed.
applied/ubuntu/precise-updates	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-applied version 2.2.22-1ubuntu1.11 to applied/ubuntu/precise-s... Author: Marc Deslauriers Author Date: 2016-07-14 12:50:27 UTC Import patches-applied version 2.2.22-1ubuntu1.11 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: e687fed6ae4aa3ea1612e74d20f48bcecb6c55cc Unapplied parent: a965cf1db7620c2141bd3a958b48f44351a05e8f New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387 * This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in trusty-proposed.
applied/ubuntu/precise-security	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-applied version 2.2.22-1ubuntu1.11 to applied/ubuntu/precise-s... Author: Marc Deslauriers Author Date: 2016-07-14 12:50:27 UTC Import patches-applied version 2.2.22-1ubuntu1.11 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: e687fed6ae4aa3ea1612e74d20f48bcecb6c55cc Unapplied parent: a965cf1db7620c2141bd3a958b48f44351a05e8f New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387 * This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in trusty-proposed.
applied/ubuntu/precise-devel	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-applied version 2.2.22-1ubuntu1.11 to applied/ubuntu/precise-s... Author: Marc Deslauriers Author Date: 2016-07-14 12:50:27 UTC Import patches-applied version 2.2.22-1ubuntu1.11 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: e687fed6ae4aa3ea1612e74d20f48bcecb6c55cc Unapplied parent: a965cf1db7620c2141bd3a958b48f44351a05e8f New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387 * This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in trusty-proposed.
ubuntu/precise-security	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-unapplied version 2.2.22-1ubuntu1.11 to ubuntu/precise-security Author: Marc Deslauriers Author Date: 2016-07-14 12:50:27 UTC Import patches-unapplied version 2.2.22-1ubuntu1.11 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: e2c1e15f5e252e69dcc8dcf82e92fff7e616714f New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387 * This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in trusty-proposed.
ubuntu/wily-updates	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-unapplied version 2.4.12-2ubuntu2.1 to ubuntu/wily-security Author: Marc Deslauriers Author Date: 2016-07-14 12:39:28 UTC Import patches-unapplied version 2.4.12-2ubuntu2.1 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 80e107784b66ab740328c0da1c1d81f9e20168dd New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
ubuntu/wily-devel	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-unapplied version 2.4.12-2ubuntu2.1 to ubuntu/wily-security Author: Marc Deslauriers Author Date: 2016-07-14 12:39:28 UTC Import patches-unapplied version 2.4.12-2ubuntu2.1 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 80e107784b66ab740328c0da1c1d81f9e20168dd New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
applied/ubuntu/wily-updates	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-applied version 2.4.12-2ubuntu2.1 to applied/ubuntu/wily-security Author: Marc Deslauriers Author Date: 2016-07-14 12:39:28 UTC Import patches-applied version 2.4.12-2ubuntu2.1 to applied/ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: e6ec171e91b9edc24a30947d128dce2db26b5b80 Unapplied parent: b05dcd36cab02c6460e1ea3d187b3a1253061101 New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
ubuntu/wily-security	2016-07-18 18:04:22 UTC 2016-07-18	Import patches-unapplied version 2.4.12-2ubuntu2.1 to ubuntu/wily-security Author: Marc Deslauriers Author Date: 2016-07-14 12:39:28 UTC Import patches-unapplied version 2.4.12-2ubuntu2.1 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 80e107784b66ab740328c0da1c1d81f9e20168dd New changelog entries: * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in server/util_script.c. - CVE-2016-5387
applied/ubuntu/xenial	2016-04-15 18:34:03 UTC 2016-04-15	Import patches-applied version 2.4.18-2ubuntu3 to applied/ubuntu/xenial-proposed Author: Robie Basak Author Date: 2016-04-15 18:00:57 UTC Import patches-applied version 2.4.18-2ubuntu3 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 7346ee7445f72e010d0f96b5b6d51280233b3e2f Unapplied parent: 91dde7dd3f230f25e6279d633aa6517a56746aec New changelog entries: [ Ryan Harper ] * Drop /etc/apache2/mods-available/http2.load. This was inadvertently introduced in 2.4.18-2ubuntu1. The intention is to not carry this at all, since http2 support is intentionally disabled (see LP 1531864). * d/apache2.maintscript: handle removal of http2.load conffile. [ Robie Basak ] * Re-write Ryan's changelog entry.
ubuntu/xenial	2016-04-15 18:34:03 UTC 2016-04-15	Import patches-unapplied version 2.4.18-2ubuntu3 to ubuntu/xenial-proposed Author: Robie Basak Author Date: 2016-04-15 18:00:57 UTC Import patches-unapplied version 2.4.18-2ubuntu3 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: cd6688141c7aecd46fd9dece4683e114cc605535 New changelog entries: [ Ryan Harper ] * Drop /etc/apache2/mods-available/http2.load. This was inadvertently introduced in 2.4.18-2ubuntu1. The intention is to not carry this at all, since http2 support is intentionally disabled (see LP 1531864). * d/apache2.maintscript: handle removal of http2.load conffile. [ Robie Basak ] * Re-write Ryan's changelog entry.
debian/wheezy	2015-09-05 16:51:01 UTC 2015-09-05	Import patches-unapplied version 2.2.22-13+deb7u6 to debian/wheezy Author: Stefan Fritsch Author Date: 2015-08-18 09:41:11 UTC Import patches-unapplied version 2.2.22-13+deb7u6 to debian/wheezy Imported using git-ubuntu import. Changelog parent: 97530c3b6f2d0f0a60edb1b22ea9245fb03db6f8 New changelog entries: * Fix regression causing spurious errors when loading certificate chain. Closes: #794383 * CVE-2015-3183: Fix request smuggling via chunked transfer encoding. Backported by Marc Deslauriers. * Don't limit default DH parameters to 1024 bits. Closes: #780398 This may cause problems with some Java based clients. A work-around is to configure these client not to use DHE key exchange but use ECDHE or RSA instead. A server-side work-around that limits the DH parameters to 1024 bits for all clients is described at http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#javadh . * Backport support for adding DH parameters to the SSLCertificateFile.
applied/debian/wheezy	2015-09-05 16:51:01 UTC 2015-09-05	Import patches-applied version 2.2.22-13+deb7u6 to applied/debian/wheezy Author: Stefan Fritsch Author Date: 2015-08-18 09:41:11 UTC Import patches-applied version 2.2.22-13+deb7u6 to applied/debian/wheezy Imported using git-ubuntu import. Changelog parent: 9a2f32ff96df9ad1d6fb90a0590c899aa90dd70f Unapplied parent: ecad7e8b5713e135011884cbcd6bd0a32fb34820 New changelog entries: * Fix regression causing spurious errors when loading certificate chain. Closes: #794383 * CVE-2015-3183: Fix request smuggling via chunked transfer encoding. Backported by Marc Deslauriers. * Don't limit default DH parameters to 1024 bits. Closes: #780398 This may cause problems with some Java based clients. A work-around is to configure these client not to use DHE key exchange but use ECDHE or RSA instead. A server-side work-around that limits the DH parameters to 1024 bits for all clients is described at http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#javadh . * Backport support for adding DH parameters to the SSLCertificateFile.
applied/ubuntu/vivid-devel	2015-07-27 17:43:37 UTC 2015-07-27	Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-secu... Author: Marc Deslauriers Author Date: 2015-07-24 16:25:41 UTC Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 820b66fb86388042c7d874ed60021c19762e090e Unapplied parent: 51ec5ea508b960da2c0270cee551cbc4c5a36737 New changelog entries: * SECURITY UPDATE: request smuggling via chunked transfer encoding - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in modules/http/http_filters.c. - CVE-2015-3183 * SECURITY UPDATE: access restriction bypass via deprecated API - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one in include/http_request.h, server/request.c. - CVE-2015-3185
applied/ubuntu/vivid-security	2015-07-27 17:43:37 UTC 2015-07-27	Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-secu... Author: Marc Deslauriers Author Date: 2015-07-24 16:25:41 UTC Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 820b66fb86388042c7d874ed60021c19762e090e Unapplied parent: 51ec5ea508b960da2c0270cee551cbc4c5a36737 New changelog entries: * SECURITY UPDATE: request smuggling via chunked transfer encoding - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in modules/http/http_filters.c. - CVE-2015-3183 * SECURITY UPDATE: access restriction bypass via deprecated API - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one in include/http_request.h, server/request.c. - CVE-2015-3185
ubuntu/vivid-security	2015-07-27 17:43:37 UTC 2015-07-27	Import patches-unapplied version 2.4.10-9ubuntu1.1 to ubuntu/vivid-security Author: Marc Deslauriers Author Date: 2015-07-24 16:25:41 UTC Import patches-unapplied version 2.4.10-9ubuntu1.1 to ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: c0aaa2266ca9a1a0a2616ef7693353b3b20150e4 New changelog entries: * SECURITY UPDATE: request smuggling via chunked transfer encoding - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in modules/http/http_filters.c. - CVE-2015-3183 * SECURITY UPDATE: access restriction bypass via deprecated API - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one in include/http_request.h, server/request.c. - CVE-2015-3185
applied/ubuntu/vivid-updates	2015-07-27 17:43:37 UTC 2015-07-27	Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-secu... Author: Marc Deslauriers Author Date: 2015-07-24 16:25:41 UTC Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 820b66fb86388042c7d874ed60021c19762e090e Unapplied parent: 51ec5ea508b960da2c0270cee551cbc4c5a36737 New changelog entries: * SECURITY UPDATE: request smuggling via chunked transfer encoding - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in modules/http/http_filters.c. - CVE-2015-3183 * SECURITY UPDATE: access restriction bypass via deprecated API - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one in include/http_request.h, server/request.c. - CVE-2015-3185

Other repositories

Name	Last Modified
lp:ubuntu/+source/apache2	2018-07-14
lp:~ahasenack/ubuntu/+source/apache2	2018-06-28
lp:~nacc/ubuntu/+source/apache2	2017-07-27
lp:~evarlast/ubuntu/+source/apache2	2016-11-30

You can't create new repositories for apache2 in Ubuntu.