ubuntu/+source/apache2:applied/debian/buster

Last commit made on 2019-04-07
Get this branch:
git clone -b applied/debian/buster https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/debian/buster
Repository:
lp:ubuntu/+source/apache2

Recent commits

4fb0ce3... by Stefan Fritsch on 2019-04-07

Import patches-applied version 2.4.38-3 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 51a0ddced04f55fe833211d6e9b0b1318b712b76
Unapplied parent: 6b6d562a8245fbcfa0b5f693bbf940d2301fbd96

New changelog entries:
  [ Marc Deslauriers ]
  * SECURITY UPDATE: read-after-free on a string compare in mod_http2
    - debian/patches/CVE-2019-0196.patch: disentangelment of stream and
      request method in modules/http2/h2_request.c.
    - CVE-2019-0196
  * SECURITY UPDATE: privilege escalation from modules' scripts
    - debian/patches/CVE-2019-0211.patch: bind the bucket number of each
      child to its slot number in include/scoreboard.h,
      server/mpm/event/event.c, server/mpm/prefork/prefork.c,
      server/mpm/worker/worker.c.
    - CVE-2019-0211
  * SECURITY UPDATE: mod_ssl access control bypass
    - debian/patches/CVE-2019-0215.patch: restore SSL verify state after
      PHA failure in TLSv1.3 in modules/ssl/ssl_engine_kernel.c.
    - CVE-2019-0215
  * SECURITY UPDATE: mod_auth_digest access control bypass
    - debian/patches/CVE-2019-0217.patch: fix a race condition in
      modules/aaa/mod_auth_digest.c.
    - CVE-2019-0217
  * SECURITY UPDATE: URL normalization inconsistincy
    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
      the path in include/http_core.h, include/httpd.h, server/core.c,
      server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
      in server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
      server/util.c.
    - CVE-2019-0220
  [ Stefan Fritsch ]
  * Pull security fixes from 2.4.39 via Ubuntu
  * CVE-2019-0197: mod_http2: Fix possible crash on late upgrade

6b6d562... by Stefan Fritsch on 2019-04-07

CVE-2019-0197.patch

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2019-0197.patch.

b9ade41... by Stefan Fritsch on 2019-04-07

[PATCH] *) maintainer mode fix for util.c no2slash_ex trunk

Gbp-Pq: CVE-2019-0220-3.patch.

f6d126f... by Stefan Fritsch on 2019-04-07

[PATCH] merge 1855743,1855744 ^/httpd/httpd/trunk .

Gbp-Pq: CVE-2019-0220-2.patch.

d6c9fa2... by Stefan Fritsch on 2019-04-07

[PATCH] Merge of r1855705 from trunk:

Gbp-Pq: CVE-2019-0220-1.patch.

42be471... by Stefan Fritsch on 2019-04-07

[PATCH] Merge r1853190 from trunk:

Gbp-Pq: CVE-2019-0217.patch.

90ac68e... by Stefan Fritsch on 2019-04-07

[PATCH] Merge r1855849 from trunk:

Gbp-Pq: CVE-2019-0215.patch.

f343cc9... by Stefan Fritsch on 2019-04-07

[PATCH] Merge r1855306 from trunk:

Gbp-Pq: CVE-2019-0211.patch.

bf4fec0... by Stefan Fritsch on 2019-04-07

[PATCH] Merge of r1852986 from trunk:

Gbp-Pq: CVE-2019-0196.patch.

81cb4b1... by Stefan Fritsch on 2019-04-07

spelling errors

Gbp-Pq: spelling-errors.patch.