Last commit made on 2021-07-08
Get this branch:
git clone -b merge-v2.4.48-3-impish https://git.launchpad.net/~bryce/ubuntu/+source/apache2
Only Bryce Harrington can upload to this branch. If you are Bryce Harrington please log in for upload directions.

Branch merges

Branch information


Recent commits

ed8d679... by Bryce Harrington

changelog reformatting for release

6c79060... by Bryce Harrington


fef9381... by Bryce Harrington


6e846e9... by Bryce Harrington


1fa9570... by Bryce Harrington

  * Dropped:
    - SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
      + debian/patches/CVE-2021-30641.patch: change default behavior in
      + CVE-2021-30641
      [Fixed in 2.4.48-1]

539bc55... by Bryce Harrington

  * Dropped:
    - SECURITY UPDATE: heap overflow via SessionHeader
      + debian/patches/CVE-2021-26691.patch: account for the '&' in
        identity_concat() in modules/session/mod_session.c.
      + CVE-2021-26691
      [Fixed in 2.4.48-1]

ab3c095... by Bryce Harrington

  * Dropped:
    - SECURITY UPDATE: DoS via cookie header in mod_session
      + debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
        session_identity_decode() in modules/session/mod_session.c.
      + CVE-2021-26690
      [Fixed in 2.4.48-1]

3ad1358... by Bryce Harrington

  * Dropped:
    - SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
      + debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
        base64 to fail early if the format can't match anyway in
      + CVE-2020-35452
      [Fixed in 2.4.48-1]

d6f67c2... by Bryce Harrington

  * Dropped:
    - SECURITY UPDATE: mod_proxy_http denial of service.
      + debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
        connection in modules/proxy/mod_proxy_http.c.
      + CVE-2020-13950
      [Fixed in 2.4.48-1]

b695681... by Bryce Harrington

    - d/apache2ctl: Also use /run/systemd to check for systemd usage
      (LP: 1918209)