Debian Package Tracker

From: Stefan Fritsch <sf@debian.org>
To:
Subject: Accepted apache2 2.4.25-3+deb9u4 (source amd64 all) into stable->embargoed, stable
Date: Tue, 03 Apr 2018 15:52:07 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 31 Mar 2018 10:47:16 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.25-3+deb9u4
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.25-3+deb9u4) stretch-security; urgency=medium
 .
   * CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap
     when using too small Accept-Language values.
   * CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file
     name.
     Configure the regular expression engine to match '$' to the end of
     the input string only, excluding matching the end of any embedded
     newline characters. Behavior can be changed with new directive
     'RegexDefaultOptions'.
   * CVE-2018-1283: Tampering of mod_session data for CGI applications.
   * CVE-2018-1301: Possible out of bound access after failure in reading the
     HTTP request
   * CVE-2018-1303: Possible out of bound read in mod_cache_socache
   * CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
Checksums-Sha1:
 ca491bbfc2356fa84a09c855ecf298f88ce94223 2986 apache2_2.4.25-3+deb9u4.dsc
 be4c0e46cd7102a9bf32e7a63b15d0ff5e61153d 705784 apache2_2.4.25-3+deb9u4.debian.tar.xz
 5cc0ad41665ba371b879b905f0dca7433a4c81c0 1182570 apache2-bin_2.4.25-3+deb9u4_amd64.deb
 160d74d78e03627b012be200b5ca331ad2cd9135 162108 apache2-data_2.4.25-3+deb9u4_all.deb
 fec079fa1072e30da927a8ce950de1454ee15b48 4002342 apache2-dbg_2.4.25-3+deb9u4_amd64.deb
 491ce07995ab661fcfa08597d132ece10ae42d91 313696 apache2-dev_2.4.25-3+deb9u4_amd64.deb
 c5e1716f0fafafbd86a2ba9c81671cbd3c7c8717 3770580 apache2-doc_2.4.25-3+deb9u4_all.deb
 9c1db97a0526adb4574253e034e72e01ded64dfc 2264 apache2-ssl-dev_2.4.25-3+deb9u4_amd64.deb
 476e6791e525d9aac12d038d8cfa961d0cc0cc7f 155000 apache2-suexec-custom_2.4.25-3+deb9u4_amd64.deb
 c06ac20b9a0f21a13d95250736391864a24745ff 153538 apache2-suexec-pristine_2.4.25-3+deb9u4_amd64.deb
 578032b7837fa13c4d7fb54eb0073d06fd51d52d 216882 apache2-utils_2.4.25-3+deb9u4_amd64.deb
 ad7716cc4e157bc66ee4a057b9aecc336e80e7cc 10102 apache2_2.4.25-3+deb9u4_amd64.buildinfo
 4c20d8e57243ababb8331436488aaf0934aad60d 235504 apache2_2.4.25-3+deb9u4_amd64.deb
Checksums-Sha256:
 822e7f8652a894f1998b471444c2cfe650ec4e4fec68f3497dbd302ba326f624 2986 apache2_2.4.25-3+deb9u4.dsc
 9e856d571d5d54212cd26bf7213f41e52063dedb8831549887ec76ba4f439073 705784 apache2_2.4.25-3+deb9u4.debian.tar.xz
 e2510d0dc55c7fc8ba5c3d542777f27a437265c84514e83150c227e24bcbcd91 1182570 apache2-bin_2.4.25-3+deb9u4_amd64.deb
 b95bcb0cb44d950edf1375db4a51538c549ebe04c5bf644504a27efd4a70fb6d 162108 apache2-data_2.4.25-3+deb9u4_all.deb
 1c212eb0adf07a97575f8eae65414d0292c3828e2dd3bdd8e7695e841eaee8c4 4002342 apache2-dbg_2.4.25-3+deb9u4_amd64.deb
 9bcf6fb3a1437f6f497c25b732ffb9dff0d621ce196babdb429b50554aa5f242 313696 apache2-dev_2.4.25-3+deb9u4_amd64.deb
 529e56d57a300ef92cb54ba4647d057a42adab83818fb3f9f51fc39b251d8b8a 3770580 apache2-doc_2.4.25-3+deb9u4_all.deb
 ec3e9504be2ab88cdd7f58650afd4a454b90dc1c4f5600617b42aeede166f6b0 2264 apache2-ssl-dev_2.4.25-3+deb9u4_amd64.deb
 424268b72ab0f9aa69c027fe8bf831493a5b0a3000e7d7fea64a50a125f471d3 155000 apache2-suexec-custom_2.4.25-3+deb9u4_amd64.deb
 b788b04bdae8e5967322168769cff3e007479d0ce006a3a754c18b2a36de36eb 153538 apache2-suexec-pristine_2.4.25-3+deb9u4_amd64.deb
 b810a586eeae8e04a296395c67e6557eeab7f4f07eafcbe5636241238dd434a2 216882 apache2-utils_2.4.25-3+deb9u4_amd64.deb
 598b433beee10d39a77e20153962b2133463459dcb4fd7ae3fc6a7cf31838e1c 10102 apache2_2.4.25-3+deb9u4_amd64.buildinfo
 5d78c6a9dea3c5f066658e9bb571243ebc6d47e51506cc6d67f2beba12ed90f0 235504 apache2_2.4.25-3+deb9u4_amd64.deb
Files:
 55601e7f667441f24da506c7fdbe2e6a 2986 httpd optional apache2_2.4.25-3+deb9u4.dsc
 fa999fcf17524ee424893d9a876f99fc 705784 httpd optional apache2_2.4.25-3+deb9u4.debian.tar.xz
 1df7a0acba40161bdcb094c9c9a03f0d 1182570 httpd optional apache2-bin_2.4.25-3+deb9u4_amd64.deb
 cd67047e6b7debf1d8647e4e49a6b383 162108 httpd optional apache2-data_2.4.25-3+deb9u4_all.deb
 fc6a6a2afa364c51d71c955c4f0429b9 4002342 debug extra apache2-dbg_2.4.25-3+deb9u4_amd64.deb
 98582663c4cb22950a4f0c82b6b8aed0 313696 httpd optional apache2-dev_2.4.25-3+deb9u4_amd64.deb
 37b5d484c970c62eedffbe3adb4da33b 3770580 doc optional apache2-doc_2.4.25-3+deb9u4_all.deb
 2f180321b37e3c11a3944702d7a049b8 2264 httpd optional apache2-ssl-dev_2.4.25-3+deb9u4_amd64.deb
 e1828b9f9fb89ff757f26f0dae03ce93 155000 httpd extra apache2-suexec-custom_2.4.25-3+deb9u4_amd64.deb
 c6fb161e3867b7b7f5ddcb5c25905aab 153538 httpd optional apache2-suexec-pristine_2.4.25-3+deb9u4_amd64.deb
 0c8e09a2056df5f89062f186be51e7bf 216882 httpd optional apache2-utils_2.4.25-3+deb9u4_amd64.deb
 9f29470ede1fc0e0db2d9728887b6126 10102 httpd optional apache2_2.4.25-3+deb9u4_amd64.buildinfo
 ce7715f80f561acfda05380cbbae7f09 235504 httpd optional apache2_2.4.25-3+deb9u4_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlq/UR4ACgkQxodfNUHO
/eAzlQ//YAjznGoYGm+DGKswCkg21sOfgq50yxW3HdxPHEGS8n/RV6BwjhVGTssb
l1K0uUM6skx/6hZ/iOBTN+E3xV4a62kfjMG1IPXcSvlgk4g3Ztr/k1BRx0YAcP/A
3iFXpOB3BMsb44OwL2pszSoYbwuGVymb4EyxvCdwL2eenyoM2q3QMr7jNz06A61z
ZFd2siQkV96vJsqqW44y9v6lRDNtxgjM44E4cioWiWLhTuwi/DlekEW6lvV+lRGX
H1VSese7t+XwYWDm1lzQ7sv5AVQ/KzrDvaVtAQJ3gkEMiqLy6Y8II9NZOM3YO6wM
zohF5+jKijqCxsHOLUzFkf6wmyoFichL9N0tK0HCFx+SE8QBqbbMEahu5bwjlX8P
bbP0gWvkTr4CqRaEbNfSL1RitTgfMMcnITONj+sez7u7PW3zek+dR2mR0y01CmMf
SJdvNthbkPjIxXHmtuHHOORqIm4LBCr6QZzTCu41PRQlAMwrsx+aUo1/yCIFzYJr
q//r4zfN9E560Q16JDIVl4ow0aoyA+q88aBivABR7+PiJOJf3IMw/S+fNScotQb9
6WlPfstlJ0+jB541FHlPvDIxdBJe+EJfvduYcXtWP6THE9dPWiFBSZEC0gn3KglA
a3OWagD2zB3ift6OfDOrkt7NeyGphSZi/a0nubDheTuRqp3U8Aw=
=YtXV
-----END PGP SIGNATURE-----
News for package apache2
