Last commit made on 2019-04-04
Get this branch:
git clone -b applied/ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

c258fd3... by Marc Deslauriers on 2019-04-03

Import patches-applied version 2.4.7-1ubuntu4.22 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: dd6ba45dddfe265a828be6fbc0a1cc26339c9a5e
Unapplied parent: 0e68b70f753dfa4a40d2a603a27163b26ddeaa21

New changelog entries:
  * SECURITY UPDATE: mod_session expiry time issue
    - debian/patches/CVE-2018-17199-pre1.patch: properly handle sessions
      that could not be decoded in modules/session/mod_session.c.
    - debian/patches/CVE-2018-17199.patch: always decode session attributes
      early in modules/session/mod_session.c.
    - CVE-2018-17199
  * SECURITY UPDATE: mod_auth_digest access control bypass
    - debian/patches/CVE-2019-0217.patch: fix a race condition in
    - CVE-2019-0217
  * SECURITY UPDATE: URL normalization inconsistincy
    - debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
      the path in include/http_core.h, include/httpd.h, server/core.c,
      server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
      in server/request.c, server/util.c.
    - debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
    - CVE-2019-0220

0e68b70... by Marc Deslauriers on 2019-04-03

[PATCH] *) maintainer mode fix for util.c no2slash_ex trunk

Gbp-Pq: CVE-2019-0220-3.patch.

8c0965d... by Marc Deslauriers on 2019-04-03

[PATCH] merge 1855743,1855744 ^/httpd/httpd/trunk .

Gbp-Pq: CVE-2019-0220-2.patch.

05ea94b... by Marc Deslauriers on 2019-04-03

[PATCH] Merge of r1855705 from trunk:

Gbp-Pq: CVE-2019-0220-1.patch.

66ac0f5... by Marc Deslauriers on 2019-04-03

[PATCH] Merge r1853190 from trunk:

Gbp-Pq: CVE-2019-0217.patch.

f6e3b1b... by Marc Deslauriers on 2019-04-03

[PATCH] mod_session: Always decode session attributes early.

Gbp-Pq: CVE-2018-17199.patch.

4ff1736... by Marc Deslauriers on 2019-04-03

[PATCH] Merge r1560977 from trunk:

Gbp-Pq: CVE-2018-17199-pre1.patch.

defe148... by Marc Deslauriers on 2019-04-03

Fix AuthzProviderAlias's visibility

Gbp-Pq: AuthzProviderAlias-visibility.patch.

99e906c... by Marc Deslauriers on 2019-04-03

fix insecure nonce generation

Gbp-Pq: CVE-2018-1312.patch.

e12eadd... by Marc Deslauriers on 2019-04-03

fix mod_cache_socache DoS

Gbp-Pq: CVE-2018-1303.patch.