-
469c5ee...
by
Marc Deslauriers
on 2019-04-03
-
Import patches-applied version 2.4.34-1ubuntu2.1 to applied/ubuntu/cosmic-security
Imported using git-ubuntu import.
Changelog parent: 66cf474c05f5ccc50455c09ae4e45aef8ed1793f
Unapplied parent: 245ef397d9af30ddfcda49d53654a760ea7a8e5d
New changelog entries:
* SECURITY UPDATE: slowloris DoS in mod_http2
- debian/patches/CVE-2018-17189.patch: change cleanup strategy for
slave connections in modules/http2/h2_conn.c.
- CVE-2018-17189
* SECURITY UPDATE: mod_session expiry time issue
- debian/patches/CVE-2018-17199.patch: always decode session attributes
early in modules/session/mod_session.c.
- CVE-2018-17199
* SECURITY UPDATE: read-after-free on a string compare in mod_http2
- debian/patches/CVE-2019-0196.patch: disentangelment of stream and
request method in modules/http2/h2_request.c.
- CVE-2019-0196
* SECURITY UPDATE: privilege escalation from modules' scripts
- debian/patches/CVE-2019-0211.patch: bind the bucket number of each
child to its slot number in include/scoreboard.h,
server/mpm/event/event.c, server/mpm/prefork/prefork.c,
server/mpm/worker/worker.c.
- CVE-2019-0211
* SECURITY UPDATE: mod_auth_digest access control bypass
- debian/patches/CVE-2019-0217.patch: fix a race condition in
modules/aaa/mod_auth_digest.c.
- CVE-2019-0217
* SECURITY UPDATE: URL normalization inconsistincy
- debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
the path in include/http_core.h, include/httpd.h, server/core.c,
server/request.c, server/util.c.
- debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
in server/request.c, server/util.c.
- debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
server/util.c.
- CVE-2019-0220
-
245ef39...
by
Marc Deslauriers
on 2019-04-03
-
[PATCH] *) maintainer mode fix for util.c no2slash_ex trunk
Gbp-Pq: CVE-2019-0220-3.patch.
-
bb323c1...
by
Marc Deslauriers
on 2019-04-03
-
[PATCH] merge 1855743,1855744 ^/httpd/httpd/trunk .
Gbp-Pq: CVE-2019-0220-2.patch.
-
af75343...
by
Marc Deslauriers
on 2019-04-03
-
[PATCH] Merge of r1855705 from trunk:
Gbp-Pq: CVE-2019-0220-1.patch.
-
7ab5ffd...
by
Marc Deslauriers
on 2019-04-03
-
[PATCH] Merge r1853190 from trunk:
Gbp-Pq: CVE-2019-0217.patch.
-
bec77bc...
by
Marc Deslauriers
on 2019-04-03
-
[PATCH] Merge r1855306 from trunk:
Gbp-Pq: CVE-2019-0211.patch.
-
56ee7aa...
by
Marc Deslauriers
on 2019-04-03
-
[PATCH] Merge of r1852986 from trunk:
Gbp-Pq: CVE-2019-0196.patch.
-
5c0a063...
by
Marc Deslauriers
on 2019-04-03
-
[PATCH] mod_session: Always decode session attributes early.
Gbp-Pq: CVE-2018-17199.patch.
-
f7b98db...
by
Marc Deslauriers
on 2019-04-03
-
[PATCH] Merge of r1846125 from trunk:
Gbp-Pq: CVE-2018-17189.patch.
-
ed25c97...
by
Marc Deslauriers
on 2019-04-03
-
[PATCH] Merge r1840010 from trunk:
Gbp-Pq: CVE-2018-11763.patch.