Format: 1.8
Date: Sat, 02 Oct 2021 15:27:55 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: source
Version: 2.4.25-3+deb9u11
Distribution: stretch-security
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.25-3+deb9u11) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2021-34798: malformed requests may cause the server to dereference
     a NULL pointer.
   * CVE-2021-39275: ap_escape_quotes() may write beyond the end of a buffer
     when given malicious input. No included modules pass untrusted data to
     these functions, but third-party / external modules may.
   * CVE-2021-40438: a crafted request uri-path can cause mod_proxy to
     forward the request to an origin server chosen by the remote user.