-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 24 Sep 2017 00:08:01 +0200 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: source amd64 all Version: 2.4.27-6 Distribution: unstable Urgency: high Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Closes: 876109 876384 Changes: apache2 (2.4.27-6) unstable; urgency=high . * CVE-2017-9798: Don't allow new methods to be registered in .htaccess files which could result in HTTP OPTIONS method leaking Apache's server memory. Closes: #876109 * Fix argument escaping in apachectl. Closes: #876384 Checksums-Sha1: 277dbd6c4dbdc35de716edf93e5922779c416aec 3037 apache2_2.4.27-6.dsc 4e20690dd882e2d1cf2862c352efffff7e86d361 702204 apache2_2.4.27-6.debian.tar.xz 8e7a2fe92669793a8107922b226ab01d821f4860 1210944 apache2-bin_2.4.27-6_amd64.deb c2591565e07e0bc67cce92e03f15aa2545bfc2ba 162070 apache2-data_2.4.27-6_all.deb 614d34e21df7ffba21e6a5780c01a1650a12279f 3985494 apache2-dbg_2.4.27-6_amd64.deb f11c3bb32a3b5e9c774bce80bbeeeeea074bfa7d 317878 apache2-dev_2.4.27-6_amd64.deb e6959269c5bad03c01bf95ebd2b063b9b06c614d 3820886 apache2-doc_2.4.27-6_all.deb fce4d0a7e7c005469a5a7935f045ed14c2aab9fd 2248 apache2-ssl-dev_2.4.27-6_amd64.deb ff3d0a5f3b6af50c0032c4232b8c320e61bcb610 159126 apache2-suexec-custom_2.4.27-6_amd64.deb 97bc0b212e076876599136f68542a1648f28f2da 157570 apache2-suexec-pristine_2.4.27-6_amd64.deb 7b1ec81bedc5a6e3791b70aa4aee926538c4a5ac 222218 apache2-utils_2.4.27-6_amd64.deb 0e24ef4593cfe87844f79bdde90b8fc5aae9b617 9723 apache2_2.4.27-6_amd64.buildinfo f32bfa0db625289c1a1a6fcf0b39917b4c410841 239556 apache2_2.4.27-6_amd64.deb Checksums-Sha256: b73ffa8787be3039dac0da8a6db6f10936da81412f72d2d814c4087237071c3b 3037 apache2_2.4.27-6.dsc f8eb526bee4afb66daf91ebec40a832c3949ba0ebb00e08994d005a9e06d47bd 702204 apache2_2.4.27-6.debian.tar.xz f94f7f705dfc39b53c199f1f7ac5f9c04d6923833c096050f102ad1bbb55da69 1210944 apache2-bin_2.4.27-6_amd64.deb e0fb8f9aa28f431db06d1c86ac1993d9e4686e82786b22e77e57acb4ce0dbd57 162070 apache2-data_2.4.27-6_all.deb c0dab7c9a9035d1e6241f4fef0fb3c7165ba575b25e0fabd2f9804b8a5446639 3985494 apache2-dbg_2.4.27-6_amd64.deb 7867f7ccd249394c6afcb3b4558bd564509caaad124a30f8841760309e82c043 317878 apache2-dev_2.4.27-6_amd64.deb 0e839b308a748774f512f6ce2e2edbf22c857e76514095af5c50b0f1992f4aa9 3820886 apache2-doc_2.4.27-6_all.deb a15f9c384a507cbec9786e17dcc9984b4624366b15397f360d34a2e1e4955713 2248 apache2-ssl-dev_2.4.27-6_amd64.deb 30e87074f8bde2e73384aacb2e3b747638efb17ae513ecf5722b636eee5f3c23 159126 apache2-suexec-custom_2.4.27-6_amd64.deb b45618254d316d399e625fb204e3539f1ac78747a1e843fc7c253b486dfd5a80 157570 apache2-suexec-pristine_2.4.27-6_amd64.deb 6e120b0278fca3366b22126117dcb0ba188553b4e032fe11b80967212fb1c312 222218 apache2-utils_2.4.27-6_amd64.deb e7b607a1abae8ef0149670442737d35bca58c92d96cc1050a67f83eb058de6a5 9723 apache2_2.4.27-6_amd64.buildinfo 27c6222645a1b500a23fadc91867239ce38f1bdadff9dcb2672c5c88ee6e5a3a 239556 apache2_2.4.27-6_amd64.deb Files: 0ae173b9951fb71c08cd9d512be9302b 3037 httpd optional apache2_2.4.27-6.dsc 03166ef9bcde309ec44cbc43fdb4bf3a 702204 httpd optional apache2_2.4.27-6.debian.tar.xz 1db293eac26f0561c24ee37cd5f9412c 1210944 httpd optional apache2-bin_2.4.27-6_amd64.deb b6f135ad85621ee1147930c3d022d55a 162070 httpd optional apache2-data_2.4.27-6_all.deb 403a3bd6d89baa156fbc280de6517d81 3985494 debug optional apache2-dbg_2.4.27-6_amd64.deb fe1c8351ad734dd026696412e9227a76 317878 httpd optional apache2-dev_2.4.27-6_amd64.deb e6c5ae8b7fc464e10a6f334f160d00f4 3820886 doc optional apache2-doc_2.4.27-6_all.deb 112ed5139c769bbba0e3cd6667621f9c 2248 httpd optional apache2-ssl-dev_2.4.27-6_amd64.deb 24b4216f42d471cbeee699cef2a44bc4 159126 httpd optional apache2-suexec-custom_2.4.27-6_amd64.deb 2dfdc02dab9dc95e4653dc666dd6dde8 157570 httpd optional apache2-suexec-pristine_2.4.27-6_amd64.deb 003ceb6dd12add2bdb45e584fcbc6334 222218 httpd optional apache2-utils_2.4.27-6_amd64.deb 197710fae3790cd5e47c356c007934ec 9723 httpd optional apache2_2.4.27-6_amd64.buildinfo a3b860ebe329e38769e78dfcd89bfef6 239556 httpd optional apache2_2.4.27-6_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlnG3ZoACgkQxodfNUHO /eDbyxAArF6+L/M1yUDDoqV4PxSY+Ru+LDiunnFjVAt0ef5bZOAuJLcG+7IfY2Di QIWpqjojdEfC1cn6/AmDAoxIakk2hbbmFlBsWr9jlB/xcKrDGBx4EZGDKYlx95+T 6depFJXpMgM0Dd4tUyYkr7Yo24b6vgl7CR7HUpfaSH6cSJm8KupVUBg2EeeIhiEl zzF+Byf0cXs9hthsdY6M9w4qpLqOHChZjzIT8epz3s+hfS3Hg+HzJPjU8tydeARY HG4CBrnvR5Kq/jLLVvyEPAYoMBT2MOGTkA6bFBs0LAWF2TwX/q304NQwlSmjl6re gPPwzHW9QFA8SBkAER7U0yXAD/2xK+4AOi6Wt0j2bNfb2S4FrG4gAohRPqnvy4eb dJGg/ALK/NI/AcoAhv2pYg2QBXorFIX5i02GjubIWCxTkXQvQsczxFffOlPleerB NZVoPofG8ZEDVQXY+V9j2luz8b7Ll9ljBlhRkiYiZdZ35+tVtdZILc2zI8eKXcDq lZapqdBnqpR7ds0zlioTz/w4oM8D9jZHgESDAGTpF0jZdnJFV6CSDOaNCMTRKTZq g+SqosyqzrwYN2V2F/GdJziG/opXJ68g00Piq29j9TloZvQjV5S/GzvMDkd58hAx VTWrpi6ajTFzcQK6Wa8rnWtZpFwY5sUN+2VcFoKqkdtoaT78tnw= =r8In -----END PGP SIGNATURE-----