apache2 - Debian Package Tracker

general

source: apache2 (main)
version: 2.4.51-2
maintainer: Debian Apache Maintainers (archive) (DMD)
uploaders: Stefan Fritsch [DMD] – Arno Töll [DMD] – Yadd [DMD] – Ondřej Surý [DMD]
arch: all any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.4.25-3+deb9u9
o-o-sec: 2.4.25-3+deb9u11
o-o-bpo-sl: 2.4.46-1~bpo9+1
oldstable: 2.4.38-3+deb10u5
old-sec: 2.4.38-3+deb10u6
old-bpo: 2.4.51-1~bpo10+2
old-p-u: 2.4.38-3+deb10u6
stable: 2.4.48-3.1+deb11u1
stable-sec: 2.4.51-1~deb11u1
stable-p-u: 2.4.51-1~deb11u1
testing: 2.4.51-2
unstable: 2.4.51-2

versioned links

2.4.25-3+deb9u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.25-3+deb9u11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.38-3+deb10u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.38-3+deb10u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.46-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.48-3.1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.51-1~bpo10+2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.51-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.51-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

apache2 (113 bugs: 1, 73, 39, 0)
apache2-bin (39 bugs: 0, 30, 9, 0)
apache2-data
apache2-dev (4 bugs: 0, 2, 2, 0)
apache2-doc (4 bugs: 0, 2, 2, 0)
apache2-ssl-dev
apache2-suexec-custom (3 bugs: 0, 2, 1, 0)
apache2-suexec-pristine (3 bugs: 0, 1, 2, 0)
apache2-utils (8 bugs: 0, 4, 4, 0)
libapache2-mod-md
libapache2-mod-proxy-uwsgi (1 bugs: 0, 1, 0, 0)

action needed

15 bugs tagged patch in the BTS normal

The BTS contains patches fixing 15 bugs (17 if counting merged bugs), consider including or untagging them.

Created: 2021-08-14 Last update: 2021-12-08 19:30

10 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 02989e6ddea2a16dd272064c48f924fc00a40ea5
Author: Yadd <yadd@debian.org>
Date:   Mon Oct 25 18:49:14 2021 +0200

    Update lintian overrides

commit 051e87dfaa875df098b4ec55fecedf46160538b3
Merge: 4054659e 835313c5
Author: Yadd <yadd@debian.org>
Date:   Mon Oct 25 18:45:27 2021 +0200

    Refresh patches and update CVE list

commit 835313c581f4e5c3ecf969c6d5886427ee4dd44e
Author: Yadd <yadd@debian.org>
Date:   Mon Oct 25 18:22:40 2021 +0200

    Refresh suexec-custom.patch

commit 0c42cd7700a1d08b48c4d8dc32f5b2be33e7d15c
Author: Yadd <yadd@debian.org>
Date:   Fri Oct 8 09:56:52 2021 +0200

    Revert "Fix CVE-2021-36160 regression (when proxying to uwsgi) introduced in 2.4.49"
    
    This reverts commit de26dd2fc060c79fbd1046c84fb1a50106f7d5b2.

commit b445fa24a1bd40230da334ac599e801e6fc2aaeb
Author: Yadd <yadd@debian.org>
Date:   Fri Oct 8 09:56:42 2021 +0200

    Group 2.4.51 changelog

commit de26dd2fc060c79fbd1046c84fb1a50106f7d5b2
Author: Yadd <yadd@debian.org>
Date:   Fri Oct 8 06:30:39 2021 +0200

    Fix CVE-2021-36160 regression (when proxying to uwsgi) introduced in 2.4.49

commit 737289fe08be466e18a4aceb2c1d5b9dfc7e5c98
Author: Yadd <yadd@debian.org>
Date:   Thu Oct 7 20:24:09 2021 +0200

    releasing package apache2 version 2.4.51-1~deb11u1

commit fd2745841b2e8ae7bb11d6eb5140eb18dd3b4efc
Author: Yadd <yadd@debian.org>
Date:   Thu Oct 7 19:50:14 2021 +0200

    releasing package apache2 version 2.4.51-1~deb11u1

commit 75ad60160988df2deb0d2f4c52dc37e0be279032
Author: Yadd <yadd@debian.org>
Date:   Thu Oct 7 19:49:40 2021 +0200

    Refresh patches

commit 2be4c43a7dae6352672da14a48bed305d40a7073
Merge: e1fb918d 4167421e
Author: Yadd <yadd@debian.org>
Date:   Thu Oct 7 19:44:54 2021 +0200

    Update upstream source from tag 'upstream/2.4.51'
    
    Update to upstream version '2.4.51'
    with Debian dir 6135a53b3bcc4e16d52952909d9737bba151594d

Created: 2021-10-25 Last update: 2021-12-01 13:05

lintian reports 9 warnings normal

Lintian reports 9 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-10-13 Last update: 2021-11-05 04:31

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #910917 for more information.

Created: 2018-10-13 Last update: 2020-01-27 22:50

2 low-priority security issues in buster low

There are 2 open security issues in buster.

1 issue left for the package maintainer to handle:

CVE-2021-33193: (postponed; to be fixed through a stable update) A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

You can find information about how to handle this issue in the security team's documentation.

1 ignored issue:

CVE-2019-17567: Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

Created: 2021-06-06 Last update: 2021-12-05 06:30

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-07-28 Last update: 2018-07-28 20:07

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2021-11-13] Accepted apache2 2.4.51-1~bpo10+2 (source) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-28] apache2 2.4.51-2 MIGRATED to testing (Debian testing watch)
[2021-10-25] Accepted apache2 2.4.51-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-10-15] Accepted apache2 2.4.51-1~bpo10+1 (source) into oldstable-backports-sloppy->backports-policy, oldstable-backports-sloppy (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-10] apache2 2.4.51-1 MIGRATED to testing (Debian testing watch)
[2021-10-09] Accepted apache2 2.4.38-3+deb10u6 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-09] Accepted apache2 2.4.51-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-09] Accepted apache2 2.4.50-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-09] Accepted apache2 2.4.49-1~deb11u3 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-09] Accepted apache2 2.4.49-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-09] Accepted apache2 2.4.49-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-08] Accepted apache2 2.4.49-1~deb11u2 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-08] Accepted apache2 2.4.51-1~deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-08] Accepted apache2 2.4.38-3+deb10u6 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-08] Accepted apache2 2.4.49-1~deb11u1 (source amd64 all) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-08] Accepted apache2 2.4.50-1~deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-08] Accepted apache2 2.4.49-1~deb11u3 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-08] Accepted apache2 2.4.49-1~bpo10+1 (source amd64 all) into oldstable-backports-sloppy->backports-policy, oldstable-backports-sloppy (Debian FTP Masters) (signed by: Xavier Guimard)
[2021-10-07] Accepted apache2 2.4.51-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-10-07] apache2 2.4.50-1 MIGRATED to testing (Debian testing watch)
[2021-10-05] Accepted apache2 2.4.50-1 (source) into unstable (Ondřej Surý)
[2021-10-05] apache2 2.4.49-4 MIGRATED to testing (Debian testing watch)
[2021-10-02] Accepted apache2 2.4.25-3+deb9u11 (source) into oldoldstable (Sylvain Beucler)
[2021-10-01] Accepted apache2 2.4.49-4 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-09-30] Accepted apache2 2.4.49-3 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-09-25] apache2 2.4.49-2 MIGRATED to testing (Debian testing watch)
[2021-09-23] Accepted apache2 2.4.49-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-09-22] apache2 2.4.49-1 MIGRATED to testing (Debian testing watch)
[2021-09-16] Accepted apache2 2.4.49-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-08-16] apache2 2.4.48-4 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 190 195
RC: 1
I&N: 130 132
M&W: 57 60
F&P: 2
patch: 15 17

links

homepage
lintian (0, 9)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.4.48-3.1ubuntu4
62 bugs (5 patches)
patches for 2.4.48-3.1ubuntu4