ubuntu/+source/apache2:applied/debian/stretch

Last commit made on 2018-07-14
Get this branch:
git clone -b applied/debian/stretch https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/debian/stretch
Repository:
lp:ubuntu/+source/apache2

Recent commits

a2b87f8... by Stefan Fritsch on 2018-06-02

Import patches-applied version 2.4.25-3+deb9u5 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: eff00437e39272c73f9ec9ca0f7f98d1d320a1b3
Unapplied parent: a2414327992905481a8b91346845b3ef3ade4a19

New changelog entries:
  * Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33. This
    fixes
    - CVE-2018-1302: mod_http2: Potential crash w/ mod_http2
    - Segfaults in mod_http2 (Closes: #873945)
    - mod_http2 issue with option "Indexes" and directive "HeaderName"
      (Closes: #850947)
    Unfortunately, this also removes support for http2 when running on
    mpm_prefork.
  * mod_http2: Avoid high memory usage with large files, causing crashes on
    32bit archs. Closes: #897218
  * Make the apache-htcacheclean init script actually look into
    /etc/default/apache-htcacheclean for its config. Closes: #898563
  * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap
    when using too small Accept-Language values.
  * CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file
    name.
    Configure the regular expression engine to match '$' to the end of
    the input string only, excluding matching the end of any embedded
    newline characters. Behavior can be changed with new directive
    'RegexDefaultOptions'.
  * CVE-2018-1283: Tampering of mod_session data for CGI applications.
  * CVE-2018-1301: Possible out of bound access after failure in reading the
    HTTP request
  * CVE-2018-1303: Possible out of bound read in mod_cache_socache
  * CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation

a241432... by Stefan Fritsch on 2018-06-02

mod_http2_mem_usage_32bit.diff

No DEP3 Subject or Description header found

Gbp-Pq: mod_http2_mem_usage_32bit.diff.

fc8210e... by Stefan Fritsch on 2018-06-02

mod_http2-revert-new-proxy-features.diff

No DEP3 Subject or Description header found

Gbp-Pq: mod_http2-revert-new-proxy-features.diff.

2c0103a... by Stefan Fritsch on 2018-06-02

mod_http2-upgrade-to-2.4.33.diff

No DEP3 Subject or Description header found

Gbp-Pq: mod_http2-upgrade-to-2.4.33.diff.

a3e143a... by Stefan Fritsch on 2018-06-02

CVE-2018-1312-mod_auth_digest-nonce.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2018-1312-mod_auth_digest-nonce.diff.

5737027... by Stefan Fritsch on 2018-06-02

CVE-2018-1303-mod_cache_socache-oob.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2018-1303-mod_cache_socache-oob.diff.

d667803... by Stefan Fritsch on 2018-06-02

CVE-2018-1301-HTTP-request-read-out-of-bounds.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2018-1301-HTTP-request-read-out-of-bounds.diff.

ff38b4a... by Stefan Fritsch on 2018-06-02

CVE-2018-1283-mod_session.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2018-1283-mod_session.diff.

f3f62c2... by Stefan Fritsch on 2018-06-02

CVE-2017-15715-regex-line-endings.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2017-15715-regex-line-endings.diff.

e9629d2... by Stefan Fritsch on 2018-06-02

CVE-2017-15710-mod_authnz_ldap.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2017-15710-mod_authnz_ldap.diff.