-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 09 Jul 2021 10:12:34 +0200 Source: apache2 Architecture: source Version: 2.4.25-3+deb9u10 Distribution: stretch-security Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Emilio Pozuelo Monfort <pochu@debian.org> Changes: apache2 (2.4.25-3+deb9u10) stretch-security; urgency=medium . * Non-maintainer upload by the LTS Team. * Backport patches from buster: - CVE-2021-31618: null pointer dereference on crafted HTTP/2 request - CVE-2021-30641: unexpected URL matching with 'MergeSlashes OFF' - CVE-2021-26691: mod_session response handling heap overflow - CVE-2021-26690: mod_session NULL pointer dereference - CVE-2020-35452: mod_auth_digest stack overflow - CVE-2020-1927: mod_rewrite open redirect - CVE-2020-1934: mod_proxy_ftp uninitialized Checksums-Sha1: d17b703b9ebaaab96643afcd6cc92c30297e9036 2990 apache2_2.4.25-3+deb9u10.dsc e91d4ca0a423f9d37f0c61b1e4a97b0cf20acc99 818512 apache2_2.4.25-3+deb9u10.debian.tar.xz 11e94ab96a504e619ac7919e4efab8f4f9b6c528 6064 apache2_2.4.25-3+deb9u10_source.buildinfo Checksums-Sha256: 666a70728d106bf9f0b386280f1668c75589a2b9ccbc2854ba2337264aa251ec 2990 apache2_2.4.25-3+deb9u10.dsc 7cdf8abcbee64dc9f6f8ef7f24c0aac6807f2285030863cb045ee2c9d5d8c2d1 818512 apache2_2.4.25-3+deb9u10.debian.tar.xz bdf78b39d5e8dc45d502cd8862bbf51c0f9227f957b312e5fcf33a4f8d34b3d9 6064 apache2_2.4.25-3+deb9u10_source.buildinfo Files: f3700c804062dc6786373147a8a0d8d2 2990 httpd optional apache2_2.4.25-3+deb9u10.dsc 83426c793a82bd9db43bcd18197bb996 818512 httpd optional apache2_2.4.25-3+deb9u10.debian.tar.xz 1615ab7368293ebeba28edc308887f3b 6064 httpd optional apache2_2.4.25-3+deb9u10_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmDoBxIACgkQnUbEiOQ2 gwKY8xAAiijmaScb7XbKE/TwNbQAoD/FE+58Uu1eeBHW136FXof9MhjLRC2vcpgV frTyrFH6o9TjwXvXeNK8Xcxw3XRZTpnvSXxTj446eFvfM2+PWLErkiSL0er/tPGU FIYJtqw6HIf4A9GVlypilMsxFJFGHjbRV6Novg+UA+nM6RBK00lokF49fdoydfDc KPt9DQipHEttJ+Y+rxnicj336eo7mxWLBm8JbDWlJWHmZ1AiLtdRexW2Gilh27t9 hr2s7SyackyQ22B0XFEqTkHoHhzBlTj/P2Q/tXxDMCQ1LNw1y+dGPUorEVk2sHw0 JVrqFSVlSf5gaOiX0k39sLnnqEvkUonu0n2/yhEhIo7e6rUrsFE70z0NQj6uaTWP bqQbpgWRdrbpGR0R6Qv6BIup+rTXBIvIsXlY7jX8/9PIIUe+/ymGYXW9GA20q1QE gZdStPQ2v5Vx4dkLkmSXBIvvVtNuDUog8gjridqRq06FB4TrdfzDNTWfQ4yg3w86 pSezyYZNaFHegZCaa7R0Fw5wz4JC8V66A916YenkdFehv5RJLWN0ffHpGwIQW9gD PIzzlpCxbtqurJOCDwG1HEFFYaT1aa1WQhxGRFbzNwid0lgjM+arCeOq4tcx5XeF A8CyN8RAs6kBX8Ls/+XGkGMVhzhj3qQJxgr3g2gnWRvFFY2JY9o= =WKRh -----END PGP SIGNATURE-----