ubuntu/+source/apache2:applied/ubuntu/trusty-devel

Last commit made on 2018-04-19
Get this branch:
git clone -b applied/ubuntu/trusty-devel https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/trusty-devel
Repository:
lp:ubuntu/+source/apache2

Recent commits

c927cf7... by Marc Deslauriers on 2018-04-18

Import patches-applied version 2.4.7-1ubuntu4.20 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 5d40a9755d90607e849f9726d1ef4259ca3df267
Unapplied parent: 9d776cde107003d7fa83668459e3819caa0a6e79

New changelog entries:
  * SECURITY UPDATE: DoS via missing header with AuthLDAPCharsetConfig
    - debian/patches/CVE-2017-15710.patch: fix language long names
      detection as short name in modules/aaa/mod_authnz_ldap.c.
    - CVE-2017-15710
  * SECURITY UPDATE: incorrect <FilesMatch> matching
    - debian/patches/CVE-2017-15715-pre.patch: add ap_cstr_casecmp[n]() to
      include/httpd.h, server/util.c.
    - debian/patches/CVE-2017-15715.patch: allow to configure
      global/default options for regexes, like caseless matching or
      extended format in include/ap_regex.h, server/core.c,
      server/util_pcre.c.
    - CVE-2017-15715
  * SECURITY UPDATE: mod_session header manipulation
    - debian/patches/CVE-2018-1283.patch: strip Session header when
      SessionEnv is on in modules/session/mod_session.c.
    - CVE-2018-1283
  * SECURITY UPDATE: DoS via specially-crafted request
    - debian/patches/CVE-2018-1301.patch: ensure that read lines are NUL
      terminated on any error, not only on buffer full in
      server/protocol.c.
    - CVE-2018-1301
  * SECURITY UPDATE: mod_cache_socache DoS
    - debian/patches/CVE-2018-1303.patch: fix caching of empty headers up
      to carriage return in modules/cache/mod_cache_socache.c.
    - CVE-2018-1303
  * SECURITY UPDATE: insecure nonce generation
    - debian/patches/CVE-2018-1312.patch: actually use the secret when
      generating nonces in modules/aaa/mod_auth_digest.c.
    - CVE-2018-1312

9d776cd... by Marc Deslauriers on 2018-04-18

fix insecure nonce generation

Gbp-Pq: CVE-2018-1312.patch.

4238ac1... by Marc Deslauriers on 2018-04-18

fix mod_cache_socache DoS

Gbp-Pq: CVE-2018-1303.patch.

b4896ae... by Marc Deslauriers on 2018-04-18

fix DoS via specially-crafted request

Gbp-Pq: CVE-2018-1301.patch.

6727926... by Marc Deslauriers on 2018-04-18

fix mod_session header manipulation

Gbp-Pq: CVE-2018-1283.patch.

2c8e59a... by Marc Deslauriers on 2018-04-18

fix incorrect <FilesMatch> matching

Gbp-Pq: CVE-2017-15715.patch.

b5367d9... by Marc Deslauriers on 2018-04-18

add ap_cstr_casecmp[n]()

Gbp-Pq: CVE-2017-15715-pre.patch.

2810b99... by Marc Deslauriers on 2018-04-18

fix DoS via missing header with AuthLDAPCharsetConfig

Gbp-Pq: CVE-2017-15710.patch.

55092d6... by Marc Deslauriers on 2018-04-18

[PATCH] Merge r1824811 from trunk:

Gbp-Pq: util_ldap_cache_lock_fix.patch.

22c1de9... by Marc Deslauriers on 2018-04-18

fix optionsbleed information leak

Gbp-Pq: CVE-2017-9798.patch.