Format: 1.8 Date: Wed, 10 Apr 2024 13:41:02 -0400 Source: apache2 Binary: apache2 apache2-bin apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils libapache2-mod-md libapache2-mod-proxy-uwsgi Built-For-Profiles: noudeb Architecture: riscv64 Version: 2.4.57-2ubuntu2.4 Distribution: mantic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.57-2ubuntu2.4) mantic-security; urgency=medium . * SECURITY UPDATE: HTTP response splitting - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed in modules/http/http_filters.c. - CVE-2023-38709 * SECURITY UPDATE: HTTP Response Splitting in multiple modules - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers in include/util_script.h, modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c, modules/generators/mod_cgid.c, modules/http/http_filters.c, modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c, modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c. - CVE-2024-24795 * SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless continuation frames - debian/patches/CVE-2024-27316.patch: bail after too many failed reads in modules/http2/h2_session.c, modules/http2/h2_stream.c, modules/http2/h2_stream.h. - CVE-2024-27316 Checksums-Sha1: ea25079cef7b6845fc43d68baa35e50a729b4c56 3150602 apache2-bin-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb cf88f5cc5b839ea4807fc1f613a77c1663b38854 1331478 apache2-bin_2.4.57-2ubuntu2.4_riscv64.deb 60cbfde47d33dc88f3341ac7fbe651445c72cb7c 199424 apache2-dev_2.4.57-2ubuntu2.4_riscv64.deb 54f24c75b8c6ba187744f246dfe44ea6f0ec68fe 2988 apache2-ssl-dev_2.4.57-2ubuntu2.4_riscv64.deb bd11c8382433cf9d1dbb0fc3db65b3d47724ff95 12284 apache2-suexec-custom-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb f06336575beef5ee14b1f0fcf0854a27c004f9c6 15690 apache2-suexec-custom_2.4.57-2ubuntu2.4_riscv64.deb 97f14a9ab7dae5ebf502d648002a8a7d3d685825 11152 apache2-suexec-pristine-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb 567666163b092975a9c0586fe5f68897dbebd684 14060 apache2-suexec-pristine_2.4.57-2ubuntu2.4_riscv64.deb c3419dc7b6c04ffad5c45a74cea0659bb6cdd57c 114034 apache2-utils-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb 5f0fed9e6676a6aa8384c861af3aab79db845117 94550 apache2-utils_2.4.57-2ubuntu2.4_riscv64.deb f7e423a3940fedf8a85e068f4f88e6a4d303f456 11294 apache2_2.4.57-2ubuntu2.4_riscv64.buildinfo f89baeabb0eb22b60b6ee31b9a8544b171a7069f 96898 apache2_2.4.57-2ubuntu2.4_riscv64.deb a657e884d56db24afa0871eb621375454fe2a343 800 libapache2-mod-md_2.4.57-2ubuntu2.4_riscv64.deb 7c880acaf96fce0d2c7857ffaeb61ab1a6ef890a 994 libapache2-mod-proxy-uwsgi_2.4.57-2ubuntu2.4_riscv64.deb Checksums-Sha256: 9a5e7948a8dd09dc72380d0092d4f2fb1b49691a24e97233bf0fe45fe76d60bc 3150602 apache2-bin-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb bd14c0889ececc7d0c214cee5f239b5aa95ada91b65d1255abf19eeffc3aeea2 1331478 apache2-bin_2.4.57-2ubuntu2.4_riscv64.deb ba5f4091717803dd67311046d0917467712033dcf1d2ccd1c0fded158da30257 199424 apache2-dev_2.4.57-2ubuntu2.4_riscv64.deb 5668dd1b9caf7b39e23ab29b456cf24ca2a51199b2af96d0f50ef74399676765 2988 apache2-ssl-dev_2.4.57-2ubuntu2.4_riscv64.deb 46fc6734c7365607e66cae3a0903e042ef6114d843ee3429af2653950f12b0a4 12284 apache2-suexec-custom-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb 11e19e53c35a05f0d5b10d144dccb7ea73021b584942b32e06dd106e9b87cc03 15690 apache2-suexec-custom_2.4.57-2ubuntu2.4_riscv64.deb 93d93ce5f2c9ed5ae4feda27e419e509a5b81fcbcd4d6fb631ff64ee27f143e5 11152 apache2-suexec-pristine-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb c306f80fb05c285a2e211babb3f72e5114fdd27fe25c630322f2bbefd54f0abc 14060 apache2-suexec-pristine_2.4.57-2ubuntu2.4_riscv64.deb 4d2aef5a752c1cf2ac853da1fa99de75db15ae95284ccca8731b5553fada09f9 114034 apache2-utils-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb c4a9d008a7f0ef4e76e1aad982200d7ede170d856b7549ff40712a4c8db678fa 94550 apache2-utils_2.4.57-2ubuntu2.4_riscv64.deb ee37e97278b67023b1b9bccaf886b5ddad41b4c858697e1f3a0d0d167e1fc57c 11294 apache2_2.4.57-2ubuntu2.4_riscv64.buildinfo af1128657f0d0cc951e03f3297a309e417ecfd2224938363f7a3b4c1229146b6 96898 apache2_2.4.57-2ubuntu2.4_riscv64.deb 1991ea51ee562c423e7ab23f4d6cab8eb16a1c6c11617d35f86f42e666538e1e 800 libapache2-mod-md_2.4.57-2ubuntu2.4_riscv64.deb af3ddab501307c053b295f2f9f953d2f6a8be0c8365e5773a0c181e88029eead 994 libapache2-mod-proxy-uwsgi_2.4.57-2ubuntu2.4_riscv64.deb Files: cd4a8185584dc53d366e021ef6d53ddf 3150602 debug optional apache2-bin-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb 73d6534dc4cb9b513b11b6cca929b9bf 1331478 httpd optional apache2-bin_2.4.57-2ubuntu2.4_riscv64.deb 926fdb263e98cc103b1d17572c9b4fa1 199424 httpd optional apache2-dev_2.4.57-2ubuntu2.4_riscv64.deb a3859d2f0aac5c50aab0b41aae774cf8 2988 httpd optional apache2-ssl-dev_2.4.57-2ubuntu2.4_riscv64.deb c302affa943ac208a6686e54cb891cc8 12284 debug optional apache2-suexec-custom-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb 55dc446b6b6585263d0ca020b7df013a 15690 httpd optional apache2-suexec-custom_2.4.57-2ubuntu2.4_riscv64.deb ea83a5c75d40c78ef4675154bb4b8859 11152 debug optional apache2-suexec-pristine-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb 242cb446dfb91063d5a96604f9e57d31 14060 httpd optional apache2-suexec-pristine_2.4.57-2ubuntu2.4_riscv64.deb 77a8281fd65f71932dd87bd8ee374174 114034 debug optional apache2-utils-dbgsym_2.4.57-2ubuntu2.4_riscv64.ddeb 1b8a16b3275dddfb1b563d1aaa63056a 94550 httpd optional apache2-utils_2.4.57-2ubuntu2.4_riscv64.deb 12d40ac6110eb3937faa8a3430b41549 11294 httpd optional apache2_2.4.57-2ubuntu2.4_riscv64.buildinfo 5864698d9f3833f2405dea857944c295 96898 httpd optional apache2_2.4.57-2ubuntu2.4_riscv64.deb 4078aedbcffd62e663e61de377aab887 800 oldlibs optional libapache2-mod-md_2.4.57-2ubuntu2.4_riscv64.deb 4dba91f29c035d660796c9b8c99cfac3 994 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.57-2ubuntu2.4_riscv64.deb Original-Maintainer: Debian Apache Maintainers