ubuntu/+source/apache2:applied/debian/stretch

Last commit made on 2019-04-27
Get this branch:
git clone -b applied/debian/stretch https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/debian/stretch
Repository:
lp:ubuntu/+source/apache2

Recent commits

65a8d42... by Stefan Fritsch on 2019-04-02

Import patches-applied version 2.4.25-3+deb9u7 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: acf76141e54bba53396cd90efe2afd347d111e62
Unapplied parent: 6937d77f8862904a391f441cc8e3b08b4f416ea9

New changelog entries:
  [ Xavier Guimard ]
  * CVE-2018-17199: mode_session: Fix missing check for session expiry time.
    Closes: #920303
  [ Stefan Fritsch ]
  * mod_http2: Fix keepalive timeout behavior. This fixes a regression with
    Safari web browsers, introduced in 2.4.25-3+deb9u6. Closes: #915103
  * Fix typo in apache2_switch_mpm() in apache2-maintscript-helper.
    Closes: #904150
  * CVE-2018-17189: mod_http2: Fix DoS via slow, unneeded request bodies.
    Closes: #920302
  * CVE-2019-0196: mod_http2: Fix read after free
  * CVE-2019-0211: All MPMs: privilege escalation from www-data user to root.
  * CVE-2019-0217: mod_auth_digest: Access control bypass
  * CVE-2019-0220: URL normalization inconsistincy.
    Consecutive slashes in URL's are now merged before use in LocationMatch
    and RewriteRule. The old behavior can be restored with the new directive
    "MergeSlashes off".

6937d77... by Stefan Fritsch on 2019-04-02

CVE-2019-0220-merge-slashes.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2019-0220-merge-slashes.diff.

0791cc6... by Stefan Fritsch on 2019-04-02

CVE-2019-0217-digest-collusion-in-mod_auth_digest.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2019-0217-digest-collusion-in-mod_auth_digest.diff.

09c1c41... by Stefan Fritsch on 2019-04-02

CVE-2019-0211-privilege-escalation.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2019-0211-privilege-escalation.diff.

e37a678... by Stefan Fritsch on 2019-04-02

CVE-2019-0196-h2-raf.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2019-0196-h2-raf.diff.

ee55273... by Stefan Fritsch on 2019-04-02

CVE-2018-17189-mod_http2_DoS.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2018-17189-mod_http2_DoS.diff.

136df7a... by Stefan Fritsch on 2019-04-02

mod_http2-keepalive-timeout.diff

No DEP3 Subject or Description header found

Gbp-Pq: mod_http2-keepalive-timeout.diff.

3c68cdb... by Stefan Fritsch on 2019-04-02

Fix for CVE-2018-17199

Gbp-Pq: CVE-2018-17199-mod-session-ignore-timeout.diff.

af1fd72... by Stefan Fritsch on 2019-04-02

CVE-2018-11763-mod_http2_DoS-SETTINGS.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2018-11763-mod_http2_DoS-SETTINGS.diff.

92351a5... by Stefan Fritsch on 2019-04-02

CVE-2018-1333-mod_http2_DoS.diff

No DEP3 Subject or Description header found

Gbp-Pq: CVE-2018-1333-mod_http2_DoS.diff.