Debian Package Tracker

From: Stefan Fritsch <sf@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted apache2 2.4.25-3+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates
Date: Sat, 24 Jun 2017 14:47:09 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 20 Jun 2017 21:29:11 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.25-3+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.25-3+deb9u1) stretch-security; urgency=high
 .
   * Backport security fixes from 2.4.26:
   * CVE-2017-3167: Authentication bypass with ap_get_basic_auth_pw()
   * CVE-2017-3169: mod_ssl NULL pointer dereference
   * CVE-2017-7668: Buffer overrun in ap_find_token()
   * CVE-2017-7679: mod_mime buffer overread
   * CVE-2017-7659: mod_http2 NULL pointer dereference
Checksums-Sha1:
 9eaffd3b36b553228d268336b200072ba9687896 2986 apache2_2.4.25-3+deb9u1.dsc
 bd6d138c31c109297da2346c6e7b93b9283993d2 6398218 apache2_2.4.25.orig.tar.bz2
 2871b478c1a478e6fe0df86420cb1e3f2e1c1f56 697596 apache2_2.4.25-3+deb9u1.debian.tar.xz
 a255ee76480504cf8797da0487a2c653f79c1a48 1180590 apache2-bin_2.4.25-3+deb9u1_amd64.deb
 aaad0a9b6ce2f3d4ba877d7fd8788444d237e98f 162204 apache2-data_2.4.25-3+deb9u1_all.deb
 78503cae81de1465725bbb778f0782d4669f71cc 4001440 apache2-dbg_2.4.25-3+deb9u1_amd64.deb
 7aaee097672baca53bb31090219be33fb9ebe1d1 313086 apache2-dev_2.4.25-3+deb9u1_amd64.deb
 2686fb34433cfb92feee6c37c09d085aab84dbc3 3770236 apache2-doc_2.4.25-3+deb9u1_all.deb
 2e2e4032d08cf9b6feea32373b063df4378da479 2264 apache2-ssl-dev_2.4.25-3+deb9u1_amd64.deb
 659eac8a10164ecbd97e4ade28c6fdfbc881d931 154592 apache2-suexec-custom_2.4.25-3+deb9u1_amd64.deb
 d1a339b7e7b8d8bd1f609da62e7d13426960edb1 153122 apache2-suexec-pristine_2.4.25-3+deb9u1_amd64.deb
 5110d76e2458341094435056eed8dbfaade4b567 216504 apache2-utils_2.4.25-3+deb9u1_amd64.deb
 f71b69d1f9b915845cb2a3352be6d44eca9807c9 9685 apache2_2.4.25-3+deb9u1_amd64.buildinfo
 7bd8e2805adb92c41452ab79eb59f3f84c625042 235120 apache2_2.4.25-3+deb9u1_amd64.deb
Checksums-Sha256:
 12864b828384d378f66df57f7650fb1978b651d969e7439995ca0a4e0f3a42cd 2986 apache2_2.4.25-3+deb9u1.dsc
 f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2 6398218 apache2_2.4.25.orig.tar.bz2
 136c5afc8e4a90830e0e3291141afee7e3a008e639cfa47ff099de2f05a95e9d 697596 apache2_2.4.25-3+deb9u1.debian.tar.xz
 33acabc00ccc6d600b165cdc0b3b8253df6c123a3b781ea509807e0ebe15b1ee 1180590 apache2-bin_2.4.25-3+deb9u1_amd64.deb
 3dd324a830f358e80b85b26914c61708315f3c51ec65d09ab01fba4e31e82998 162204 apache2-data_2.4.25-3+deb9u1_all.deb
 04a9a15b3347d595fbfcc975b824bd21c022405eab0748bbf3218208758cf9f2 4001440 apache2-dbg_2.4.25-3+deb9u1_amd64.deb
 c84da034590614a8e9e88954352ee4aa94b5c76af1438858a38f715b1e9b3d68 313086 apache2-dev_2.4.25-3+deb9u1_amd64.deb
 7e155ffb21d7a7026be4871e8b582867ad43b6e95466ce057f92ca63f197e37b 3770236 apache2-doc_2.4.25-3+deb9u1_all.deb
 19d2e1fdd14059cf5b0deaade2eb44a8a78e8d97eb062d06407b3537e21fa829 2264 apache2-ssl-dev_2.4.25-3+deb9u1_amd64.deb
 5163c22575a001188e573c3acfed1a3e3b318aedb8a396c47e79ebf3ffa70be0 154592 apache2-suexec-custom_2.4.25-3+deb9u1_amd64.deb
 b775e0e01ac5a2c44a681d2c4ae5f51c7d1593eb423b8d94ccc3c21889415f15 153122 apache2-suexec-pristine_2.4.25-3+deb9u1_amd64.deb
 191cedd2e6039671677a2d801e1b0b6b5075204995d9e763375ad9450de5bf74 216504 apache2-utils_2.4.25-3+deb9u1_amd64.deb
 ea710c2bec54a9aade09cffeed1698abbccb7ebe47f514140a54e1b24c913653 9685 apache2_2.4.25-3+deb9u1_amd64.buildinfo
 1a99bf882872d0ec4f7f1be2deb1c2a7b42c55ad011fd4703c6beb953ced0317 235120 apache2_2.4.25-3+deb9u1_amd64.deb
Files:
 0c5b4d8669a0a9b74ded631e7cf3ed81 2986 httpd optional apache2_2.4.25-3+deb9u1.dsc
 2826f49619112ad5813c0be5afcc7ddb 6398218 httpd optional apache2_2.4.25.orig.tar.bz2
 dcb711aabde294fc4ae6295ee63d9cb9 697596 httpd optional apache2_2.4.25-3+deb9u1.debian.tar.xz
 d871471c8ea2df6907aa6e5213dd7be6 1180590 httpd optional apache2-bin_2.4.25-3+deb9u1_amd64.deb
 6d61adb61bead600cea19fc63c4f2e76 162204 httpd optional apache2-data_2.4.25-3+deb9u1_all.deb
 3545cbae0d130c9d99d100ff20f74bf4 4001440 debug extra apache2-dbg_2.4.25-3+deb9u1_amd64.deb
 fa7b13f97183044b1cd705708c40741c 313086 httpd optional apache2-dev_2.4.25-3+deb9u1_amd64.deb
 5f94bc6931607da7847e3e89721b45e3 3770236 doc optional apache2-doc_2.4.25-3+deb9u1_all.deb
 3a4d5f4451e1c4107e9060d2adabb9d4 2264 httpd optional apache2-ssl-dev_2.4.25-3+deb9u1_amd64.deb
 f9ccaad6c5001b9b422d0164f9d8f3a6 154592 httpd extra apache2-suexec-custom_2.4.25-3+deb9u1_amd64.deb
 57aaf6e7f82b3613e5d0591b940d4b3d 153122 httpd optional apache2-suexec-pristine_2.4.25-3+deb9u1_amd64.deb
 173fd6b4b0bab7b45552476e9c32101e 216504 httpd optional apache2-utils_2.4.25-3+deb9u1_amd64.deb
 18aefc2c8034ecac8ae32e69d7c49583 9685 httpd optional apache2_2.4.25-3+deb9u1_amd64.buildinfo
 0ff629af7577992762e96545670b3e51 235120 httpd optional apache2_2.4.25-3+deb9u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAllJgEsACgkQxodfNUHO
/eCkQxAAxDkXMnl6Bo+uhKHGt9WC4UdRccx9dZVjoJUmN99ATpYwYJORxEDJtce2
Cnd2NvhX/s1N27Tkgwe0gs8sIO06qU/WsBev1kGIbk0CARuXbx8Sl9BkY1VEvSG8
SB9VrI6R+sUjFFsaAFfjtQ/Wg6TPa0y5ddn5BjoGkSnQjHULEoNd5eL2a4fbSfsv
tHC3wsRhaseCglylTGeFM6FbP90FVe7LmLaWw4A+DlOKlETvoRSfOr1T2YBzZE21
ixA6FO6l8psfYDnp7UpFWoHR64wZwnvBB4oPqZ0O1zYxxm8CfBopbsRvGi+nCdDM
m/hR3fTJMtnzlHUa+kIjh+an/auYhXnY5xQU8LeGF2wPJuOrFeiLU68RW9tfnHll
FUZEPv/mlhS9cjHIc65R3/FxBjSZJz2lzeWTspNvFqNtOBTY5fYHmx3VlpMnfDLL
zjpLC7El64IDO9fuMESQH/1HL6QCZ+rKT7s8TNgBoetob9aVnbwXdYMj7w9IlNH9
fAhXAaUwCcTdL6LN/vhXMMqpRtN6QTaDtjwtDqSWV42tJtkfxQ7noBzseWnlQotR
g9cfaG+GLN5ZnChA7t/lxo1i+p8swfvvovCEVQXn/w/gz+Evr2/ujBZkEKPc8JKA
SdcJW5XUMbWwpAbb20quHLYEf6qn1vVtCpqYcPzsC0p3wF3GGa4=
=c/Fz
-----END PGP SIGNATURE-----
News for package apache2
