Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted apache2 2.4.38-3+deb10u10 (source) into oldstable
Date: Mon, 24 Apr 2023 20:30:21 +0000
Signed by: Bastien ROUCARIÈS <rouca@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Apr 2023 22:01:00 +0000
Source: apache2
Architecture: source
Version: 2.4.38-3+deb10u10
Distribution: buster-security
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1032476
Changes:
 apache2 (2.4.38-3+deb10u10) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2023-27522: HTTP Response Smuggling in mod_proxy_uwsgi
     (Closes: #1032476)
   * CVE-2023-25690: Some mod_proxy configurations allow a HTTP
     Request Smuggling attack. Configurations are affected
     when mod_proxy is enabled along with some form of RewriteRule
     or ProxyPassMatch in which a non-specific pattern matches
     some portion of the user-supplied request-target (URL)
     data and is then re-inserted into the proxied request-target
     using variable substitution. (Closes: #1032476)
   * Backport perl-framework testsuite from sid
   * Backport regression fix for CVE-2023-25690
Checksums-Sha1:
 1b44c2b9bf4495c76605ba6f996f23c2721cdee5 3363 apache2_2.4.38-3+deb10u10.dsc
 e06ec00b95fee8b9db13abc0daaf58e8098a8d54 1104408 apache2_2.4.38-3+deb10u10.debian.tar.xz
 e72705fd292ebee852dc7f87acc8774fc29eb2b4 12190 apache2_2.4.38-3+deb10u10_amd64.buildinfo
Checksums-Sha256:
 c6ae667395293ef81a94bf83a4cdb08781af467959740e40aa266cf609f111ad 3363 apache2_2.4.38-3+deb10u10.dsc
 3ee2646e17bcb20b7dd7932b13b839dcc2a7c4e14472c502004d8acbf95f7798 1104408 apache2_2.4.38-3+deb10u10.debian.tar.xz
 1de97254084db618e5366a2aa901223805d2c1b1118e12a3d2dce7117df9719b 12190 apache2_2.4.38-3+deb10u10_amd64.buildinfo
Files:
 c00a35d7fe9e8c7a0cfbdd7c4e4f29bc 3363 httpd optional apache2_2.4.38-3+deb10u10.dsc
 8bf613c2924497120933a00cae3ce06c 1104408 httpd optional apache2_2.4.38-3+deb10u10.debian.tar.xz
 de75603fba43ceb688e4d188a84c1f78 12190 httpd optional apache2_2.4.38-3+deb10u10_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmRG5AIRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+wBhAAsaVhPkAZ0U18xs9yAcXsqxORSNxutSGV
6/zqZx17Czgs0kN+xnhV7rkwCiclDQPgmfoUisUuLR/bRxiskXiUxKu6/d2AQo78
YmbqyzlFry3uCZCxKg+XKP0why8YgD+TGTjr8jH1fyZwyTeliYCTgTJrUOllMLy1
BQjGBwNVad/G57pczKqyqFUPOLnxHri3UdwM0U8Yo5DhqWdjQ8y/+uZbRVEiVJ9U
FfaRW8Adjq3mDn6MPpv1kxopIliyvRQaNAI++hwiPhePuWhl78bpOelujPlJvM36
f3SWnZQbAUt6JXnGqTe+iHRTb1Id+CuQf12szsSr5LdpnXPWdKyiWBX67i18O0gZ
+kd5FGIX/8CGFCMGtY39u5KCWtIZEGQ5gGNHJWE9e/bmAHMhCoyMDz52FNv2MLI3
TtO1CjiQTh6T25cJa9VTMXkKitsNMmi25EblM5tI4iAcpXvUhJaa56TJ3RZVwg90
u6odsdyU3t74xMv0p3huQ9iUZr/XCV0ZtB5aIrgC3KT7hI3HVckGhAlrYgSHNJXU
HRVf5CxNkEV9eY16mF1dPXw7Zz0elNah7YvuDqGEAmpuy0MaWaL+BK+ICxY8HGyz
UXKuI38uOuwnSl+rmJS4k36sdG0Wmhq9fkVXEXsGb20QV+fGz3UJ4v0xm4cXOrmK
ypzkWhgJ308=
=y111
-----END PGP SIGNATURE-----

News for package apache2