ubuntu/+source/apache2:applied/ubuntu/artful-updates

Last commit made on 2018-04-19
Get this branch:
git clone -b applied/ubuntu/artful-updates https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/artful-updates
Repository:
lp:ubuntu/+source/apache2

Recent commits

fd5338f... by Marc Deslauriers on 2018-04-18

Import patches-applied version 2.4.27-2ubuntu4.1 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 4cbcac15d53554def83f1ce8815ed41072705790
Unapplied parent: c8d6bd075d7b5cd749d1ab0ab8967330d73fbee5

New changelog entries:
  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
    - debian/patches/CVE-2017-15710.patch: fix language long names
      detection as short name in modules/aaa/mod_authnz_ldap.c.
    - CVE-2017-15710
  * SECURITY UPDATE: incorrect <FilesMatch> matching
    - debian/patches/CVE-2017-15715.patch: allow to configure
      global/default options for regexes, like caseless matching or
      extended format in include/ap_regex.h, server/core.c,
      server/util_pcre.c.
    - CVE-2017-15715
  * SECURITY UPDATE: mod_session header manipulation
    - debian/patches/CVE-2018-1283.patch: strip Session header when
      SessionEnv is on in modules/session/mod_session.c.
    - CVE-2018-1283
  * SECURITY UPDATE: DoS via specially-crafted request
    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
      terminated on any error, not only on buffer full in
      server/protocol.c.
    - CVE-2018-1301
  * SECURITY UPDATE: mod_cache_socache DoS
    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
      to carriage return in modules/cache/mod_cache_socache.c.
    - CVE-2018-1303
  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312

c8d6bd0... by Marc Deslauriers on 2018-04-18

fix insecure nonce generation

Gbp-Pq: CVE-2018-1312.patch.

ded9437... by Marc Deslauriers on 2018-04-18

fix mod_cache_socache DoS

Gbp-Pq: CVE-2018-1303.patch.

b561074... by Marc Deslauriers on 2018-04-18

fix DoS via specially-crafted request

Gbp-Pq: CVE-2018-1301.patch.

0d51ec9... by Marc Deslauriers on 2018-04-18

fix mod_session header manipulation

Gbp-Pq: CVE-2018-1283.patch.

91b949a... by Marc Deslauriers on 2018-04-18

fix incorrect <FilesMatch> matching

Gbp-Pq: CVE-2017-15715.patch.

667118f... by Marc Deslauriers on 2018-04-18

fix DoS via missing header with AuthLDAPCharsetConfig

Gbp-Pq: CVE-2017-15710.patch.

617f0b4... by Marc Deslauriers on 2018-04-18

[PATCH] Merge r1824811 from trunk:

Gbp-Pq: util_ldap_cache_lock_fix.patch.

d4b64e6... by Marc Deslauriers on 2018-04-18

fix optionsbleed information leak

Gbp-Pq: CVE-2017-9798.patch.

63b9d3f... by Marc Deslauriers on 2018-04-18

Pull upstream fixes for autotools for cross-compiling

Gbp-Pq: 086_svn_cross_compiles.