-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 03 Nov 2018 19:46:19 +0100 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: source amd64 all Version: 2.4.25-3+deb9u6 Distribution: stretch Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Closes: 902906 904106 909591 Changes: apache2 (2.4.25-3+deb9u6) stretch; urgency=medium . * CVE-2018-1333: mod_http2: Fix DoS by worker exhaustion. Closes: #904106 * CVE-2018-11763: mod_http2: Fix DoS by continuous SETTINGS. Closes: #909591 * mod_proxy_fcgi: Fix segfault. Closes: #902906 Checksums-Sha1: c3590ec3ab4fb75affb8b238a711a5ce17ab27d9 2986 apache2_2.4.25-3+deb9u6.dsc ed7c894bcf537c64e69ae288a02977b7d6f6352a 790172 apache2_2.4.25-3+deb9u6.debian.tar.xz eeb4ed3ae730ad36c22eed16b8c1bbc057ebd5d5 1186420 apache2-bin_2.4.25-3+deb9u6_amd64.deb f8c7f84f2fa3e57dc5367738a976951b185af26c 162112 apache2-data_2.4.25-3+deb9u6_all.deb 356bd128d69835a7dab11f9cab5a18e3f54b3b64 4017542 apache2-dbg_2.4.25-3+deb9u6_amd64.deb 6f01daf4d7b79da8edfea8eccc6b7b018d5a261c 313942 apache2-dev_2.4.25-3+deb9u6_amd64.deb d8d7f824aef5eb4bd5a5c8be2d204686122ec2df 3770774 apache2-doc_2.4.25-3+deb9u6_all.deb 4068de545c6fa1356e70a144062b6372b2313a50 2268 apache2-ssl-dev_2.4.25-3+deb9u6_amd64.deb 55ebadbf1dc57bfb400bec5a6768d790d3600966 155210 apache2-suexec-custom_2.4.25-3+deb9u6_amd64.deb d0d29a6e4142c9749bbd5608bb64262eb3d9e76b 153732 apache2-suexec-pristine_2.4.25-3+deb9u6_amd64.deb c945f226d0b62fc36ac1f2f0cc1050534f456f4f 217058 apache2-utils_2.4.25-3+deb9u6_amd64.deb fb61405e424a0c0770fd7de0df872f7e74a0ae6e 10163 apache2_2.4.25-3+deb9u6_amd64.buildinfo 1f45b6c2a344a0745f4fb267f4b0ca8bc7435b59 235974 apache2_2.4.25-3+deb9u6_amd64.deb Checksums-Sha256: b0bc6bc5c1daf4d542e2016f36e3c19d1a839d73543c025f7bafa9920ab371b5 2986 apache2_2.4.25-3+deb9u6.dsc 5fd9d307b0550e919ef03516e8fd0ce4366f20d2ffb349e6a0fd957dce853f3f 790172 apache2_2.4.25-3+deb9u6.debian.tar.xz 26ff2bc1b0d7dbe5b08d71f23633c4f9decf980fcfd0aa348ecf41cfc709ad7b 1186420 apache2-bin_2.4.25-3+deb9u6_amd64.deb c947d3889d33cfbb4b1e7c64f703c979830f4d53061d2966c0925e5e565d608f 162112 apache2-data_2.4.25-3+deb9u6_all.deb 4eb1c252b7efbb9f9d3254da546729a564f6eb5aa751662526347a776989b16e 4017542 apache2-dbg_2.4.25-3+deb9u6_amd64.deb b23d03dea9bcfa7c8f0f8534d193fa92837444e6d98d974d9858520707b52941 313942 apache2-dev_2.4.25-3+deb9u6_amd64.deb e87ecf4173d13aed62efce16521ac5f32ed5316f57ed7161470f5ccaa5b7a62f 3770774 apache2-doc_2.4.25-3+deb9u6_all.deb 53c2b3fe58ed0f232574a437f25302c052f798e9a3eec3ac8d7b617fddb65b22 2268 apache2-ssl-dev_2.4.25-3+deb9u6_amd64.deb 8901fea6f314719cd975e854c077f342f45d5143fe57082f969906f8667f68b4 155210 apache2-suexec-custom_2.4.25-3+deb9u6_amd64.deb 305a64e1a1871ca1e430dc2e164dc34c91581015540e8de71b758d07b848cf90 153732 apache2-suexec-pristine_2.4.25-3+deb9u6_amd64.deb 4c557dccd216f4c319a01b0d20e6315bd483999a1bbcca6488bd2e59990b046f 217058 apache2-utils_2.4.25-3+deb9u6_amd64.deb 8bde42135512e310cc1de367ae9375bb4e39625f2bb36dd14aff03a85284a18a 10163 apache2_2.4.25-3+deb9u6_amd64.buildinfo 42bbfcabaa49fcc458ec20569229adde1a8662aacd69b2e8107cfee69d5f9b59 235974 apache2_2.4.25-3+deb9u6_amd64.deb Files: 0d89b47aef7b19975ae8387cb7d323d3 2986 httpd optional apache2_2.4.25-3+deb9u6.dsc 96fe0be15c776db7710d473acb7872b2 790172 httpd optional apache2_2.4.25-3+deb9u6.debian.tar.xz c36fee808ccdac5ec0cd2faae758bf14 1186420 httpd optional apache2-bin_2.4.25-3+deb9u6_amd64.deb dcfaef6cb1024be84c2f9be07b54fb4d 162112 httpd optional apache2-data_2.4.25-3+deb9u6_all.deb f0c4416e5244bab112201761a4f32d55 4017542 debug extra apache2-dbg_2.4.25-3+deb9u6_amd64.deb 1a0ae2576a3ba6b9e72b5a1432c38eee 313942 httpd optional apache2-dev_2.4.25-3+deb9u6_amd64.deb 7e6df0368dff1ee78c0232d8f9670262 3770774 doc optional apache2-doc_2.4.25-3+deb9u6_all.deb 94e03d511df7909bcd92a7a03073149c 2268 httpd optional apache2-ssl-dev_2.4.25-3+deb9u6_amd64.deb e159c61f9c7a050844852bc9ca056e77 155210 httpd extra apache2-suexec-custom_2.4.25-3+deb9u6_amd64.deb 4597c9c7e7733f8fd26712f57c125dfe 153732 httpd optional apache2-suexec-pristine_2.4.25-3+deb9u6_amd64.deb 2d3ac31dd972cf078b5493167e149839 217058 httpd optional apache2-utils_2.4.25-3+deb9u6_amd64.deb 8e16239cc29939450aa2af0cd22e2b9a 10163 httpd optional apache2_2.4.25-3+deb9u6_amd64.buildinfo 7fed7d6f182385772fbba22e615dcba2 235974 httpd optional apache2_2.4.25-3+deb9u6_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlvd794ACgkQxodfNUHO /eCtiw/+IHqUZt7sc/+RGQBeBbk8b7c9MSUJHhow+Eh03GIXbHZtY6gRqylH4tBA EBcuLXpxbdevh8OiQhby9DCaqFmURZ434pd39EDgf2+mAPrwiIw93dkD1DBBSRvK Z87/TaYRT7lI1CYPQBvyk4dZgKdrmAJfua5WXBCqLZNBknDgbq2dZ9M0OLbCsZSY fdz96WVxhTopdug4Yu6T6nwmnFebsV90DtTQvdvPJdDumDoMp9docGx80ypkj/zE fDJchBn2lb2x4m8+M8kcnlm/5+/yPyjMOd0Tlk3XdJxUQX6+/Dod/cqk4ooB+hdy 7pjgFqBkDBu0fSktMFe2nfedTM4PUqy1BXLb42u3a3/FWaoCNK4HXsN7vbUgQQcN FagHrjJ1dk/GqWgoYKeE4DOsdStJxZLL7ueSvl8x49DcQnZHYEtem0DXDrRKICOD bK45JpDFcO8gwaGQFNhcnwBS4tBKdLBbID+Zj4+KI9fLmPBOO7XJIWznYrM8aXh6 ePdhLKarksw4zUKYdFFVRDlAKLBcxo8hjS7SY82bwnMJ6AKGxwnj6myzhxNOGT7F iVtFUKrruQ4j0lHQWEjhlPy11kWxcFGbV/4hADzOSyk0t8Ox4aGiHyC/dV45vfyj TewDaFwqzBMbRGrfZLXY2H7ISQ2MRnPrbIZ7oZDTnpHetTUjekE= =QKQK -----END PGP SIGNATURE-----