-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 17 Jul 2017 08:46:19 +0100 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source amd64 all Version: 2.2.22-13+deb7u10 Distribution: wheezy-security Urgency: high Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Closes: 868467 Changes: apache2 (2.2.22-13+deb7u10) wheezy-security; urgency=high . * CVE-2017-9788: The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments in the mod_auth_digest module. . Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault. Thanks to Robert Święcki for reporting this issue. (Closes: #868467) Checksums-Sha1: cd7921ba2d341fd8c65f94c91150cd952995204b 2925 apache2_2.2.22-13+deb7u10.dsc bf3bbfda967ac900348e697f26fe86b25695efe9 7200529 apache2_2.2.22.orig.tar.gz 977953db900257c46f7dc188245d42e64ed09915 263494 apache2_2.2.22-13+deb7u10.debian.tar.gz 17001df0647efd0a3beab012718a0438ed88f23f 294562 apache2.2-common_2.2.22-13+deb7u10_amd64.deb 0f458323019f551dbb708475f66b09c7eae4fc59 796136 apache2.2-bin_2.2.22-13+deb7u10_amd64.deb 14b3babf0aa2d6c3db6f4e044e8efdce5e4e1f21 2246 apache2-mpm-worker_2.2.22-13+deb7u10_amd64.deb 06164821259a91efecce10deb257b4f6a4d35038 2360 apache2-mpm-prefork_2.2.22-13+deb7u10_amd64.deb 7c8cbfb918a9343bd015fed3322b5cf08b178749 2316 apache2-mpm-event_2.2.22-13+deb7u10_amd64.deb fbd72bb0229bf70c9c2a20ef3c81545145e198f3 2340 apache2-mpm-itk_2.2.22-13+deb7u10_amd64.deb e8564827466e72a10db48b67fa3d93f45854f1a8 164090 apache2-utils_2.2.22-13+deb7u10_amd64.deb 18278e232d1a7082106fc2a15251c244dd47065f 108058 apache2-suexec_2.2.22-13+deb7u10_amd64.deb 49c34f34bb7151f28bec011882786b191c42d542 109586 apache2-suexec-custom_2.2.22-13+deb7u10_amd64.deb 372fea74d20e7c090476df927382af9c5f7a1200 1444 apache2_2.2.22-13+deb7u10_amd64.deb f01eb2c22803246242cba219ca260200fe840e13 1783856 apache2-doc_2.2.22-13+deb7u10_all.deb 55584807c7776fcf4d54dae1ce138922c2ed20ac 115158 apache2-prefork-dev_2.2.22-13+deb7u10_amd64.deb e6c722e19d37facd34b28d4726ff6cc63a68953b 116008 apache2-threaded-dev_2.2.22-13+deb7u10_amd64.deb c6526764322d02108a844977c5a14cb50efc20be 1738614 apache2-dbg_2.2.22-13+deb7u10_amd64.deb Checksums-Sha256: 276a32eb0afde13a9224d80a1070c04a82e40dc1f0106324142d4c446815256f 2925 apache2_2.2.22-13+deb7u10.dsc 74c1ffffefe1a502339b004ad6488fbd858eb425a05968cd67c05695dbc0fe7c 7200529 apache2_2.2.22.orig.tar.gz 40d8c08b30acf26156ec516f805859c4744bf97d4acfb8d31403cb4636809b6e 263494 apache2_2.2.22-13+deb7u10.debian.tar.gz 9df85d5fdd13ef4450073c9f6957a9f5381de3ff9f380a3cb6bb7c00a07555cd 294562 apache2.2-common_2.2.22-13+deb7u10_amd64.deb 6f10e86c38562f61c2fcf98c4a2cde6c6f7f06cf7ce2c770ee88a51a6f9f545f 796136 apache2.2-bin_2.2.22-13+deb7u10_amd64.deb e4b351a0b48445fbbf582e086d3b594808e241abf4e3ecd9f0d5d699aab04188 2246 apache2-mpm-worker_2.2.22-13+deb7u10_amd64.deb 06a0c3745428a0609c18ee438dea802f6fd17ed1e777b4314f467e2e68082859 2360 apache2-mpm-prefork_2.2.22-13+deb7u10_amd64.deb ef91cce3719be47b67efb3924a792bc57a69d135a25deb1f93f025e47374284b 2316 apache2-mpm-event_2.2.22-13+deb7u10_amd64.deb a5b75ec9078cb06c76e607e0bc3260dbca50ee239eb4f4fe98b9aae1d0a38175 2340 apache2-mpm-itk_2.2.22-13+deb7u10_amd64.deb 39b849edbf5518c9738cc6e92de97d39bf63286dfafac3b6d8cbdd8c5a24b22e 164090 apache2-utils_2.2.22-13+deb7u10_amd64.deb 274a7c75063f21c60db5211dde154c2a3d3156dc5f89b94ebb4eeb9be9cf38f3 108058 apache2-suexec_2.2.22-13+deb7u10_amd64.deb 54e71dadf660568f091160f440905d2e1994fb947742032e11d0e6242ae6a882 109586 apache2-suexec-custom_2.2.22-13+deb7u10_amd64.deb cd57f94d1d7c915009f601d8796a37c2f886473686e72c55486cb92a12995202 1444 apache2_2.2.22-13+deb7u10_amd64.deb b664290dc69d40e4c66fbab0fe7e00ead0858d7ad42a5d8fa8b8b9466739975f 1783856 apache2-doc_2.2.22-13+deb7u10_all.deb 3b623f186fdd7a593da680261817b54a5e2bb11b6b41619b56540dc278be52a8 115158 apache2-prefork-dev_2.2.22-13+deb7u10_amd64.deb 64561661b6eee193a5fafc30700deabfcfac11f922c8318b0c7422673f671e85 116008 apache2-threaded-dev_2.2.22-13+deb7u10_amd64.deb 107e6eb7b37d81cdb0189031a0efdfa7d89e3146babac8211071af374f0aa32b 1738614 apache2-dbg_2.2.22-13+deb7u10_amd64.deb Files: accb5cfeca86cc842240320b5b0bb13e 2925 httpd optional apache2_2.2.22-13+deb7u10.dsc d77fa5af23df96a8af68ea8114fa6ce1 7200529 httpd optional apache2_2.2.22.orig.tar.gz acd94162214b6dddba1b97b1170dfeea 263494 httpd optional apache2_2.2.22-13+deb7u10.debian.tar.gz 228849d3b886cb04304dcadcee697a21 294562 httpd optional apache2.2-common_2.2.22-13+deb7u10_amd64.deb 22a5d7c9dabd109052d73cac36925d57 796136 httpd optional apache2.2-bin_2.2.22-13+deb7u10_amd64.deb ae5336a685c4fa22013adf814109ed99 2246 httpd optional apache2-mpm-worker_2.2.22-13+deb7u10_amd64.deb 1271e6564958cb8d91d86513de807297 2360 httpd optional apache2-mpm-prefork_2.2.22-13+deb7u10_amd64.deb 40e65af8779c4d2f4bc1434deb623a16 2316 httpd optional apache2-mpm-event_2.2.22-13+deb7u10_amd64.deb bbde6cf096cfd91a3574c83366c20494 2340 httpd extra apache2-mpm-itk_2.2.22-13+deb7u10_amd64.deb a88c0c52b35ef1cc67c1d8abc2db5385 164090 httpd optional apache2-utils_2.2.22-13+deb7u10_amd64.deb c1739807bee85230454f392d9b23002e 108058 httpd optional apache2-suexec_2.2.22-13+deb7u10_amd64.deb 92e669b95c08439ce5e50c1ce0cfb321 109586 httpd extra apache2-suexec-custom_2.2.22-13+deb7u10_amd64.deb 36a66adb36d730a3daf5d58e8e7bb766 1444 httpd optional apache2_2.2.22-13+deb7u10_amd64.deb 4422b4d2f3cf77f857f0e6db0950d563 1783856 doc optional apache2-doc_2.2.22-13+deb7u10_all.deb 7abc112626e05c39efbe83390a306c0b 115158 httpd extra apache2-prefork-dev_2.2.22-13+deb7u10_amd64.deb fb79cac528687cc9d688d59bfaee0b45 116008 httpd extra apache2-threaded-dev_2.2.22-13+deb7u10_amd64.deb 3cb3369790517b4274337628b5faca51 1738614 debug extra apache2-dbg_2.2.22-13+deb7u10_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllsboUACgkQHpU+J9Qx Hlhg2g/+N6IGPjt51YdhoXJJ4rtIwWA2jV0warISoi989QgT8tVeq7v4CP/jT8PQ LePePbhF9UMnwpeljtCDjz9G4qGRMMo7OoVFE96SerbbJ+jXzvX8Dy+ARCFketR0 aewz7rOL6H4pjTPO7vOIoVruBCZRVAM7U8RUylFC96jEemVt2XgEsxZ69Bif98/e F1Igy8/OngPS1h0QnbZAiTw0F1cp5xYtXwtG/sTsRRzoRHOVgG565XMTQhA1R1JF FcAK2ayM5mCc0FFSCn9UMK2M9VbpCgrRmFw2sniN9WhnIvtfMcEobdG/8hvlVcsH L+2Gd9PjnqPkrbcdBnHwFT6IHbGaWQChCLN5Huwm+SiMwNgZRpLhi9aM9dIufxX4 nezGd/bvsmtwfelY2kK3H9k2lIT1DpfiakuMZqvMtxYd9FHRw4BEai7HZMj7PwXn SLRifomx6Hsgf7JdiAd+tMDGrhoVobHtCr0rkC1cewjicdteMg/c6UAkgaXfTlo5 zUO3DmA6A0XH//DlB6ohy3bQOScrusSH/pwx8iXZKQx6940zmtWQsEKB7uOdOgAf zPX4lCQBTNbkwIIR0JmLJUCUV2nb3uCEqaAwQ0e8qJCK8VIE408Pqa3vQ8SLcfFm cUwu0yVYKAJVVTVADYAFFFIb8dmXIsseIDWqxYu144rKQN5X330= =K48Z -----END PGP SIGNATURE-----
