-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 18 Aug 2019 15:34:20 +0200 Source: apache2 Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: source amd64 all Version: 2.4.38-3+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Xavier Guimard <yadd@debian.org> Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Changes: apache2 (2.4.38-3+deb10u1) buster-security; urgency=high . * Add patch to limit cross-site scripting in mod_proxy (Closes: CVE-2019-10092) * Add patch to fix stack buffer overflow and NULL pointer dereference in mod_remoteip (Closes: CVE-2019-10097) * Import http2 modules from 2.4.41 (Closes: CVE-2019-9517, CVE-2019-10082 and CVE-2019-10081 * Add patch to set PCRE_DOTALL by default (Closes: CVE-2019-10098) Checksums-Sha1: 08e55c460fe3cf14e12f8bc89589b350f3af00cb 3288 apache2_2.4.38-3+deb10u1.dsc 6ee19a7b936a6ddbbf81b313c4a8b38bf232b40e 9187294 apache2_2.4.38.orig.tar.gz 2a58256319288bf1ae6066bc0ceed34b43faf3c8 1058812 apache2_2.4.38-3+deb10u1.debian.tar.xz bf64a3a48d1a70d71e2054ec50dde2bf7754cf4a 4716196 apache2-bin-dbgsym_2.4.38-3+deb10u1_amd64.deb 3c147e1aa128d72678cc3cdb1a1c014020cbe468 1306556 apache2-bin_2.4.38-3+deb10u1_amd64.deb aacb7586b3492d09682a93865810f37419f0acbd 165008 apache2-data_2.4.38-3+deb10u1_all.deb 6a0d85512dd4d3b2cd92a79beace237483b464d7 330928 apache2-dev_2.4.38-3+deb10u1_amd64.deb 0592bae43352cac2d025edfd0d444addd9c7186e 3989896 apache2-doc_2.4.38-3+deb10u1_all.deb 5322f17af4624054067ac35113e9af9d04f67a98 2344 apache2-ssl-dev_2.4.38-3+deb10u1_amd64.deb 893f51e83bc6d3dc846987d77b95b63313b2fa82 12856 apache2-suexec-custom-dbgsym_2.4.38-3+deb10u1_amd64.deb f55e25d7ed763b30b3f305323769d612bcec2bfe 171396 apache2-suexec-custom_2.4.38-3+deb10u1_amd64.deb ea6ea1754a3650dac6e210abc679044808fc0e92 11580 apache2-suexec-pristine-dbgsym_2.4.38-3+deb10u1_amd64.deb 04fcf2fc0b8fb7ed0cfa0d175483385b035e5da2 169816 apache2-suexec-pristine_2.4.38-3+deb10u1_amd64.deb e488d3f1e0df1af448c9b14f1e483151312ee19c 137724 apache2-utils-dbgsym_2.4.38-3+deb10u1_amd64.deb 91e9b7d49437d4d11b653f39e283ce5ccdac52a3 236484 apache2-utils_2.4.38-3+deb10u1_amd64.deb e147b140994244b83c7cb1cd9c12f32103c7929a 11886 apache2_2.4.38-3+deb10u1_amd64.buildinfo a0f8d1535b72872acc3b6648d61f18a495dfc5ef 251208 apache2_2.4.38-3+deb10u1_amd64.deb 8d6d692228fdca776568cb0f0471c2308ee0b59b 948 libapache2-mod-md_2.4.38-3+deb10u1_amd64.deb a34ced76a0bb1f6f386c2ff353f394311d82fde3 1132 libapache2-mod-proxy-uwsgi_2.4.38-3+deb10u1_amd64.deb Checksums-Sha256: ad9a707d8bd7d0488fe595833203aae498cdde7ca9740d3f876a04b678f83d04 3288 apache2_2.4.38-3+deb10u1.dsc 38d0b73aa313c28065bf58faf64cec12bf7c7d5196146107df2ad07541aa26a6 9187294 apache2_2.4.38.orig.tar.gz a589fc7504d29d185f44d30e7f453d0123eddd0b39dccba0df9b4fb808ff20c1 1058812 apache2_2.4.38-3+deb10u1.debian.tar.xz 95a255a7214c26e7c109931a1b96a724cea7d12601abbf027f72260140accf12 4716196 apache2-bin-dbgsym_2.4.38-3+deb10u1_amd64.deb 9ce66d27bb74f09d7270da4a5725a3e203979e1b1d49b25570c04a1e7088829f 1306556 apache2-bin_2.4.38-3+deb10u1_amd64.deb 65850d0755ea9738d8b07b0d6b8393a88cca604178b6704075737a98391593da 165008 apache2-data_2.4.38-3+deb10u1_all.deb bd65f8fbbd3952883af3a172da74b2cbc3e6153b387fbcfd3d7660acea047f9b 330928 apache2-dev_2.4.38-3+deb10u1_amd64.deb 707786c8a77f4fa1c34ac6e735a9b19c4607eb3c99758e2d2d4369b16ecb2515 3989896 apache2-doc_2.4.38-3+deb10u1_all.deb 776b91cea44f02e11355eba3fc3cb2f45b2110296f32a2a1efda6b8d7b8af4b2 2344 apache2-ssl-dev_2.4.38-3+deb10u1_amd64.deb 00139ed81f9a3cee3e5776e805cd67de360cc02d020443bc72827476fa2e1966 12856 apache2-suexec-custom-dbgsym_2.4.38-3+deb10u1_amd64.deb bba82d8b2e45dea5fe773e8351b97e7d56ed9dd3c94c79a3273817bd202093ad 171396 apache2-suexec-custom_2.4.38-3+deb10u1_amd64.deb a4e043608b9a22e9fb656b8854d9bd2a8ea8966430e3132d0a7221167856aa6c 11580 apache2-suexec-pristine-dbgsym_2.4.38-3+deb10u1_amd64.deb 4809be6f7ce363edc6c36fe7c6cc913112bf511cea48ba61726792b867ae0f20 169816 apache2-suexec-pristine_2.4.38-3+deb10u1_amd64.deb 35a0a46ba48f5d3135ee8f524e458e22a80771a67f66b6152f1ad258aa1697c2 137724 apache2-utils-dbgsym_2.4.38-3+deb10u1_amd64.deb 90e32b14765a2694ac9c478df2b1ddf3d7af327a997cfa8edc269c9623b95dcb 236484 apache2-utils_2.4.38-3+deb10u1_amd64.deb f3d0f03ede20aa74e3155c6f01bc8a57fe1343de43c7230bc3650db1c90bc6fa 11886 apache2_2.4.38-3+deb10u1_amd64.buildinfo f95229b102cb9f42aa59886dd5acac9e85a674463b09e158040454ba642d8be6 251208 apache2_2.4.38-3+deb10u1_amd64.deb f7b161c29f9abda5940c41c4c268f3098e041de865509155a021aac87fe34c49 948 libapache2-mod-md_2.4.38-3+deb10u1_amd64.deb a4d5b949e9d97f72f11d5020e1b5154755846b02e3e8b7afad4ca8f3a13a33f3 1132 libapache2-mod-proxy-uwsgi_2.4.38-3+deb10u1_amd64.deb Files: 2c493ee3888c882b4071f52ead82081c 3288 httpd optional apache2_2.4.38-3+deb10u1.dsc 626083caac6d85a048abac6d5ea61e5b 9187294 httpd optional apache2_2.4.38.orig.tar.gz c5a395bb060ea9e92ab12ef9441a2502 1058812 httpd optional apache2_2.4.38-3+deb10u1.debian.tar.xz 49286b88c8ed79b0e589e4c809ef6716 4716196 debug optional apache2-bin-dbgsym_2.4.38-3+deb10u1_amd64.deb 828ba53c02a83600bdae553b75f71d12 1306556 httpd optional apache2-bin_2.4.38-3+deb10u1_amd64.deb b6539633ebbe20f884aa7bcf8df7b8a0 165008 httpd optional apache2-data_2.4.38-3+deb10u1_all.deb 6735a270d0bf0bd0bd4ca28f892d6a84 330928 httpd optional apache2-dev_2.4.38-3+deb10u1_amd64.deb e6e35d1b02254e56778442c63d62ed15 3989896 doc optional apache2-doc_2.4.38-3+deb10u1_all.deb a3c2fdf19dfa1bb876b6397ea75f2c58 2344 httpd optional apache2-ssl-dev_2.4.38-3+deb10u1_amd64.deb 725a43411d5ef1c6c6f9e170aad4773c 12856 debug optional apache2-suexec-custom-dbgsym_2.4.38-3+deb10u1_amd64.deb e4a44a37232e4eb3f24f6389e3117522 171396 httpd optional apache2-suexec-custom_2.4.38-3+deb10u1_amd64.deb 42a702bd906ed3b0b9beb30e58641a78 11580 debug optional apache2-suexec-pristine-dbgsym_2.4.38-3+deb10u1_amd64.deb 8ccc2382b7760497ce1ebd0d5dde4c5c 169816 httpd optional apache2-suexec-pristine_2.4.38-3+deb10u1_amd64.deb 49dd48b5248b61d6892e33c4e4df4d50 137724 debug optional apache2-utils-dbgsym_2.4.38-3+deb10u1_amd64.deb b35d7c16e44cdb4f70b709d2c08dc8d1 236484 httpd optional apache2-utils_2.4.38-3+deb10u1_amd64.deb 878bb10b4c6216128a9d832d1c997dbb 11886 httpd optional apache2_2.4.38-3+deb10u1_amd64.buildinfo da4413e7e3768d231e3b3acc2b9e86fc 251208 httpd optional apache2_2.4.38-3+deb10u1_amd64.deb 953fcdd8b99eaea2546e36e7f390e511 948 oldlibs optional libapache2-mod-md_2.4.38-3+deb10u1_amd64.deb 33f5abab73a41b43c9e177c2e8f4f009 1132 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.38-3+deb10u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAl1bDxIQHHlhZGRAZGVi aWFuLm9yZwAKCRD210ynyZnu6ZWgD/9CBq3yOzq6WlgumkgWWdtiaMZDgIZ9p4D9 JgabDSxM4fgxLwqOwh1a2s0AkC8NDdkEX2T4bsReQnRYMIU4O9zPqn6ew2mQUiNU sTjGwYovoEcSDvHPZrlmxQQzVSIJ5lYsMHnrxZKz5AccBaHjd089v8xCtJqUpYWO /o5ahl23bmY7H8DSUWYBuYQU+zMhFUw0i42o2QZSPyRzxrmd3NlYT1m4/Qzpn50J DX9HVCZyQYXgtSkaJgp06IkFeOoyqPqdfrVREhC75ZU7VJy6pvaN3h0TXzbU8eZN DOcp+aA0tvRSK2RUzeBSorlofrEOc21WXoVgAyU6JmppNiDClIvtlITy4p6XEgbE SnVaQxgabKgX3/gTTJ7Q8W5d1qhM2QPUxRMtxYAE2Uo85FMk7cJlKk8/jzlX8WBO tq1GlJVvQtaNAOOpmx5b1rWH5pjkrow9/f+l9bYyfJE8e4+xDrcsiyozhug5QPEV n4Pji5ph088GaawW+IKquI3aZV1UbKu2gLRSM7Tg73+L0rljZozHSFkzY0xvv8/5 P/Hc8Cfo15HWvs49zrOfaatlQxXYGNSR7p/DBVQe8oe2KVneQFhHj+ySeeXh9RTV zXz3leIphI9YCy3H1nS6JM8225UN+2lPJzLoDCEOiYmQ7CzIksMZ6YzzUEdBhKn2 j6cEN2Llwg== =57zT -----END PGP SIGNATURE-----