Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted apache2 2.4.38-3+deb10u8 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Tue, 02 Aug 2022 20:16:13 +0000
Signed by: Roberto C. Sanchez <roberto@familiasanchez.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jun 2022 15:03:00 -0400
Source: apache2
Architecture: source
Version: 2.4.38-3+deb10u8
Distribution: buster
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Changes:
 apache2 (2.4.38-3+deb10u8) buster; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2022-22719: denial of service in mod_lua via crafted request body.
   * CVE-2022-22720: HTTP request smuggling.
   * CVE-2022-22721: integer overflow leading to buffer overflow write.
   * CVE-2022-23943: heap memory overwrite via crafted data in mod_sed.
   * CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
   * CVE-2022-28614: read beyond bounds via ap_rwrite().
   * CVE-2022-28615: Read beyond bounds in ap_strcmp_match().
   * CVE-2022-29404: Denial of service in mod_lua r:parsebody.
   * CVE-2022-30522: mod_sed denial of service.
   * CVE-2022-30556: Information Disclosure in mod_lua with websockets.
   * CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
Checksums-Sha1:
 b7ccf6bd8ccaf574a7df701a0d6de0ed8fbaa772 3263 apache2_2.4.38-3+deb10u8.dsc
 edb6ca206de92cfd1f93dee1003da7c263167c0d 1092444 apache2_2.4.38-3+deb10u8.debian.tar.xz
 da8b2ea1362da5fcaba8074fd34518550df5b241 12091 apache2_2.4.38-3+deb10u8_amd64.buildinfo
Checksums-Sha256:
 756d7b64958ab5bbe1f4526518efdb096fda59418eb7d6a84e704557414bddbc 3263 apache2_2.4.38-3+deb10u8.dsc
 63d2e8fb0b2a148e1ebddc1ef57d90f97c1478e9dc6127fc8a63e52fd90b0d35 1092444 apache2_2.4.38-3+deb10u8.debian.tar.xz
 2a61c67ca9a4e3a112294d6e32b74791966bc7b2d3f6e13d3584eacca144ea66 12091 apache2_2.4.38-3+deb10u8_amd64.buildinfo
Files:
 e6ef4213da9d1a30eef9eb7acb0a5d04 3263 httpd optional apache2_2.4.38-3+deb10u8.dsc
 c690ddcb5867ac0281142dc51b226b10 1092444 httpd optional apache2_2.4.38-3+deb10u8.debian.tar.xz
 89f3f694f429b0162cb7adea67adac0d 12091 httpd optional apache2_2.4.38-3+deb10u8_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAmLDIZgACgkQldFmTdL1
kUKBBxAAqQpK96dq19GgCtY9xjFZbzgikF50UaugO8xyRRpjt2LPgIAKppUNDFMT
anJMxzIJgKX7FeK4dLXEgi06rTzlYf3MGb50GJ7guP4pLiHYGvMOx5HC7W7+7H+F
ZhGvlhWcR4ZoLxchZzklO9AvLd9Z9po9XhKj6yPfbv6s66DdTGpRAViTOI8XmaUR
KNpyhf3MhhYylYJfPh3Sb93LShFuWA3iR6y0zesLZDE3u3XKVmygOe3ee5TAP4ia
c233Bx2BUBXOZ3umNJgOMEfIriFmesrKVCoGjNIxRBX1QaY9CKF+Fib4td0k4tEE
0+TKsE5+HTB5v7mfkDcXE/0AmXJir5MkhtiUsfQLX+EmJ8sFn2gGsVjMMxZQd+v9
fTHWZrPDmg9ZvJDapXiNsquY0YbJ7F1U4iJj9csAc54ILmfmhs11PWhdqtHwTu09
nFzkm2ELaYdF2FuwR4G8YGs5orUphgfm3e0ZHbwnkiN0Krs/xOcMXoTwo94iPCOC
e9Je070LEw3vWT+dJaSB5lzzNiSg5Q54VomIM280O87ja8NVM2E8m5ZZZ6SfzqA5
PikjwYwePvndwd50WziCozaWWudUKFTD7ppTVpPJw3ckKkphkMQ9bSfYHN4WQYj4
Gs/F+k7qTQ4zHoBXs2jtdZ0WyBzsW3UhKtswY9n4zo7jp4yfo60=
=UHLo
-----END PGP SIGNATURE-----

News for package apache2