-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 26 May 2018 08:23:08 -0400 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source amd64 all Version: 2.2.22-13+deb7u13 Distribution: wheezy-security Urgency: high Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Roberto C. Sanchez <roberto@debian.org> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Changes: apache2 (2.2.22-13+deb7u13) wheezy-security; urgency=high . * Non-maintainer upload by the LTS Security team. * CVE-2017-15710: Potential denial of service in mod_authnz_ldap; if configured with AuthLDAPCharsetConfig, could cause an out of bound write if supplied with a crafted Accept-Language header * CVE-2018-1301: a specially crafted request could have crashed the Apache HTTP Server, due to an out of bound access after a size limit is reached by reading the HTTP header * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent by mod_auth_digest to prevent replay attacks was not correctly generated using a pseudo-random seed Checksums-Sha1: af51a26e93f6656630d7593a610cf0d2b6460649 2925 apache2_2.2.22-13+deb7u13.dsc 6e8ad0b9062b69070534f98d3d26eb931431cdc1 272743 apache2_2.2.22-13+deb7u13.debian.tar.gz dae22c12f4ee5b96d560ed7b367ecf1136b54d28 294276 apache2.2-common_2.2.22-13+deb7u13_amd64.deb c57d4e6be19783e1885e55bb5da1bbe0f069a480 798098 apache2.2-bin_2.2.22-13+deb7u13_amd64.deb 60fa14834b3e6514f53824c88d05d3213a199931 2236 apache2-mpm-worker_2.2.22-13+deb7u13_amd64.deb 5d6545355f2beab10e0215bee0df64320d37cb25 2340 apache2-mpm-prefork_2.2.22-13+deb7u13_amd64.deb d2a9079b07f0ae4f8835a7b209f9c56f96c9bcd1 2292 apache2-mpm-event_2.2.22-13+deb7u13_amd64.deb 3c3822da4aaf0f5b332761f82a841ee888bfed01 2320 apache2-mpm-itk_2.2.22-13+deb7u13_amd64.deb 49bbbc8bfa4d5be2becbf1e7883836842cc94f3d 164876 apache2-utils_2.2.22-13+deb7u13_amd64.deb abfe6ba2ec031c7d4b12c435775067608d668163 108362 apache2-suexec_2.2.22-13+deb7u13_amd64.deb c181ab93ec1b298d36fe550c636344b09a0bdca9 109900 apache2-suexec-custom_2.2.22-13+deb7u13_amd64.deb 8509bef0e4ba62d6cdc889274e6ac811b7059430 1438 apache2_2.2.22-13+deb7u13_amd64.deb 759170d028cddba4cb198b54d8bdf3cfa0e8a325 1779578 apache2-doc_2.2.22-13+deb7u13_all.deb 6f897d6d7de224d9c62ee7a295a4dcc802718e63 115262 apache2-prefork-dev_2.2.22-13+deb7u13_amd64.deb d2aa76193ced17ce1802cca3276697ac5dde390a 116160 apache2-threaded-dev_2.2.22-13+deb7u13_amd64.deb 6b23c04ebd292918bfac781a4b7fa2cd22da09a0 1739872 apache2-dbg_2.2.22-13+deb7u13_amd64.deb Checksums-Sha256: fd8da0239060e46e57c24e51b5259637d97bb40643467398dbc0782a98643eda 2925 apache2_2.2.22-13+deb7u13.dsc 7467c4580dd17c0a3e338fe5346d5dd1d9b9181f0ae19fa513f1bd35c839deed 272743 apache2_2.2.22-13+deb7u13.debian.tar.gz ba05d57ea066ba19fa9a3b15ae09152a2fe4fe53acc870d117f7f374d856b9e4 294276 apache2.2-common_2.2.22-13+deb7u13_amd64.deb 5019238a684c0aa27d2bc4c8864fa4bc98a78593581ad74723719b1e2c5964da 798098 apache2.2-bin_2.2.22-13+deb7u13_amd64.deb d09aeeb5614f82e32f017bdd5379c455c3eb791f9eca373e4f27475483bcf917 2236 apache2-mpm-worker_2.2.22-13+deb7u13_amd64.deb 8d034a2068b7edb435b57c59a24b46d9482edff43aef550245de4fc2b9b09625 2340 apache2-mpm-prefork_2.2.22-13+deb7u13_amd64.deb 897f0378e188075c1a974170316feb93e3b13f7916a1666096a0815362082560 2292 apache2-mpm-event_2.2.22-13+deb7u13_amd64.deb c80b1392862c58a22e50514f8dc1a1872ece6e5e21994713520942feb317018f 2320 apache2-mpm-itk_2.2.22-13+deb7u13_amd64.deb 713e559ce9e5ec83a7773257d04def84d565e9fcb3c21b69c6ef99a9373ab3e9 164876 apache2-utils_2.2.22-13+deb7u13_amd64.deb 0ec24094fe0fe9362299b10678ac8b676164d6b41cbda6bd203a422456d2f5c8 108362 apache2-suexec_2.2.22-13+deb7u13_amd64.deb 3e58a622a8268e67f19432a9f7205d65ce25e0f6985fedcb5827e3b2408be6c6 109900 apache2-suexec-custom_2.2.22-13+deb7u13_amd64.deb ce7dbb9b09f2299440aef0f273a66ce4db4142da0471f4c90e6fae2e96575ec1 1438 apache2_2.2.22-13+deb7u13_amd64.deb b02762ae3b956a8942b53177e9a90d52b38c985c3db66f77cacc7b746f90f49f 1779578 apache2-doc_2.2.22-13+deb7u13_all.deb 04bbc741ca32c7b11e6a0adcab5b93e110b7c2af129958fe52ab6607498a5c9c 115262 apache2-prefork-dev_2.2.22-13+deb7u13_amd64.deb 90f31fc7692000974d66319ec21185bddc380f46870ad25ee26fdc79e328ace0 116160 apache2-threaded-dev_2.2.22-13+deb7u13_amd64.deb b9eeb45be2069de86b66caf7695fce53bf0437f4a4e17d7102d68e58f7ae1ff8 1739872 apache2-dbg_2.2.22-13+deb7u13_amd64.deb Files: b33e14f81d93804e60f2091c2010fc57 2925 httpd optional apache2_2.2.22-13+deb7u13.dsc 782dad1c541eef9f30a325934b62e361 272743 httpd optional apache2_2.2.22-13+deb7u13.debian.tar.gz f51c6b3f719b4f9d0bd8e692033b1637 294276 httpd optional apache2.2-common_2.2.22-13+deb7u13_amd64.deb 61b57b18215346833e91ab0090371488 798098 httpd optional apache2.2-bin_2.2.22-13+deb7u13_amd64.deb 51aca65d332693ee270fc18d1f138d08 2236 httpd optional apache2-mpm-worker_2.2.22-13+deb7u13_amd64.deb e733cf038660d75b52bc55f0b9486f51 2340 httpd optional apache2-mpm-prefork_2.2.22-13+deb7u13_amd64.deb 372e3c50d37d56571e4bd79994a8e0b9 2292 httpd optional apache2-mpm-event_2.2.22-13+deb7u13_amd64.deb dbee588c94667a1a9e8f87a06f2ce05d 2320 httpd extra apache2-mpm-itk_2.2.22-13+deb7u13_amd64.deb b1c247fdb756e734b49f3d9239f1e23f 164876 httpd optional apache2-utils_2.2.22-13+deb7u13_amd64.deb 21930b3fe52df0e150cb56eff4dc179e 108362 httpd optional apache2-suexec_2.2.22-13+deb7u13_amd64.deb 1fa7edec29dc581b48e6a0bb212843ce 109900 httpd extra apache2-suexec-custom_2.2.22-13+deb7u13_amd64.deb 3d4eadbea0d3efe460eecf4fd1820190 1438 httpd optional apache2_2.2.22-13+deb7u13_amd64.deb 22bbea8481edff426fa8e3e8fda81666 1779578 doc optional apache2-doc_2.2.22-13+deb7u13_all.deb cbff5254803bcef3b8c3014dc91a8b0c 115262 httpd extra apache2-prefork-dev_2.2.22-13+deb7u13_amd64.deb 8f2c0735504786b796e9511b49fc3c27 116160 httpd extra apache2-threaded-dev_2.2.22-13+deb7u13_amd64.deb cc48312f632bfa277d24850b9b2b5725 1739872 debug extra apache2-dbg_2.2.22-13+deb7u13_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAlsOlygACgkQLNd4Xt2n sg+S2g//b3T30kCy7oJayU++P4mzv46itflFiiODyy2KxOeo3Mrcf2TUI/mC2jOz JFnlCOOg1QBmsIdyDDK37M3xGNuQOeQeOzbx6NvROjSryTKfnGFDY1p6+w72qz2P dmOGpoKfklL3ZeK8WMMjjGOeBmQNqhAURuR+i55Y/KiSNnjm50SSYvlmB1d4ZEXF EOHrc4E7Ec8wNOlORyuPWML3gz2hIfOiOzC4IDfagx75gPj3EhNhwBWrV0073tDU wwavdpkT7CGZ7nqKfr+2lVqNG2/Dh0LjqJoqwoVCNQXsCF+RDDrYtpzN8b/VjS1k +/W2opF2BNNOJ6Y9H7BWLBxj0KQHZcZcunNxaNMSNrlrgweOXD18z11LS4OE+Jqw kgbJrZReLtnQJlbp5bT26P5f8UYXU3Vt0KYToL8p+RFjwuJED/e8xPGHSee+GnMA sY7kmkWNwhwPUzZKzjCgVKCl827T9DibJzBXe2y+sZxwPGSoFTnu/IAGchRKA3v1 lr22RhiUZlFmo+a/44JFZ4LBSCfNSVgYhmFviGA/z6QhoqZz6G/UwbA5DVJlMNLx ErS5A3noGmnZjyfn+sf7KQhYoVqEyU3kgQr5BW4FBPvVPqKfBgVyQQJr2Q7SzaBs nc2kpLNZf77UYs2TOsXV4YO732vV339sTngS0Axp16C6hZ8UzFo= =tA1n -----END PGP SIGNATURE-----