Debian Package Tracker
Register | Log in
Subscribe

apache2

Apache HTTP Server

Choose email to subscribe with

general
  • source: apache2 (main)
  • version: 2.4.53-2
  • maintainer: Debian Apache Maintainers (archive) (DMD)
  • uploaders: Stefan Fritsch [DMD] – Arno Töll [DMD] – Yadd [DMD] – Ondřej Surý [DMD]
  • arch: all any
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.4.25-3+deb9u9
  • o-o-sec: 2.4.25-3+deb9u13
  • o-o-bpo-sl: 2.4.46-1~bpo9+1
  • oldstable: 2.4.38-3+deb10u5
  • old-sec: 2.4.38-3+deb10u7
  • old-bpo: 2.4.52-1~bpo10+1
  • stable: 2.4.51-1~deb11u1
  • stable-sec: 2.4.52-1~deb11u2
  • testing: 2.4.53-2
  • unstable: 2.4.53-2
versioned links
  • 2.4.25-3+deb9u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.4.25-3+deb9u13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.4.38-3+deb10u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.4.38-3+deb10u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.4.46-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.4.51-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.4.52-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.4.52-1~deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.4.53-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • apache2 (115 bugs: 1, 75, 39, 0)
  • apache2-bin (40 bugs: 0, 31, 9, 0)
  • apache2-data
  • apache2-dev (4 bugs: 0, 2, 2, 0)
  • apache2-doc (4 bugs: 0, 2, 2, 0)
  • apache2-ssl-dev
  • apache2-suexec-custom (3 bugs: 0, 2, 1, 0)
  • apache2-suexec-pristine (3 bugs: 0, 1, 2, 0)
  • apache2-utils (8 bugs: 0, 4, 4, 0)
  • libapache2-mod-md
  • libapache2-mod-proxy-uwsgi (1 bugs: 0, 1, 0, 0)
action needed
lintian reports 1 error and 16 warnings high
Lintian reports 1 error and 16 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2021-10-13 Last update: 2022-01-01 04:31
17 bugs tagged patch in the BTS normal
The BTS contains patches fixing 17 bugs (19 if counting merged bugs), consider including or untagging them.
Created: 2021-08-14 Last update: 2022-05-18 13:00
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 2.4.53-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit e576aaddefe509afb9009b62e06a3a8ba34d832f
Merge: 53a8d7c4 94907c2e
Author: Yadd <yadd@debian.org>
Date:   Tue Mar 15 15:36:33 2022 +0100

    Merge remote-tracking branch 'origin/master'

commit 94907c2e116cfb7adf078588efc55afb22d7ce31
Author: Simon Deziel <simon@sdeziel.info>
Date:   Mon Mar 14 13:16:36 2022 -0400

    debian: update changelog

commit 9a4b902b546db69fa0c4ff1cd4ab2ae2d54a36da
Author: Simon Deziel <simon@sdeziel.info>
Date:   Thu Mar 10 10:00:09 2022 -0500

    debian: use non-capturing regex with FilesMatch
    
    Signed-off-by: Simon Deziel <simon@sdeziel.info>

commit 6645d3763038a344f7baa6cb7206d52e7a3b1f5f
Author: Simon Deziel <simon@sdeziel.info>
Date:   Thu Mar 10 09:50:51 2022 -0500

    debian: escape literal . in regexes
    
    Signed-off-by: Simon Deziel <simon@sdeziel.info>
Created: 2021-12-28 Last update: 2022-05-15 21:07
RFH: The maintainer is looking for help with this package. normal
The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #910917 for more information.
Created: 2018-10-13 Last update: 2020-01-27 22:50
6 low-priority security issues in buster low

There are 6 open security issues in buster.

5 issues left for the package maintainer to handle:
  • CVE-2021-33193: (postponed; to be fixed through a stable update) A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
  • CVE-2022-22719: (needs triaging) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
  • CVE-2022-22720: (needs triaging) Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
  • CVE-2022-22721: (needs triaging) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
  • CVE-2022-23943: (needs triaging) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

You can find information about how to handle these issues in the security team's documentation.

1 ignored issue:
  • CVE-2019-17567: Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
Created: 2021-06-06 Last update: 2022-03-26 17:38
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2018-07-28 Last update: 2018-07-28 20:07
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2022-05-11 Last update: 2022-05-11 23:24
testing migrations
  • This package is part of the ongoing testing transition known as auto-openssl. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2022-05-07] Accepted apache2 2.4.53-2~bpo10+1 (source amd64 all) into oldstable-backports-sloppy->backports-policy, oldstable-backports-sloppy (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-03-22] Accepted apache2 2.4.25-3+deb9u13 (source) into oldoldstable (Emilio Pozuelo Monfort)
  • [2022-03-19] Accepted apache2 2.4.53-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-03-18] apache2 2.4.53-2 MIGRATED to testing (Debian testing watch)
  • [2022-03-15] Accepted apache2 2.4.53-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2022-03-14] Accepted apache2 2.4.53-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
  • [2022-02-08] Accepted apache2 2.4.52-1~bpo10+1 (source) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-02-01] Accepted apache2 2.4.25-3+deb9u12 (source) into oldoldstable (Anton Gladky)
  • [2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-08] Accepted apache2 2.4.52-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
  • [2022-01-04] Accepted apache2 2.4.52-1~deb11u2 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Xavier Guimard)
  • 1
  • 2
bugs [bug history graph]
  • all: 193 198
  • RC: 1
  • I&N: 133 135
  • M&W: 58 61
  • F&P: 1
  • patch: 17 19
links
  • homepage
  • lintian (1, 16)
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 2.4.52-1ubuntu4
  • 58 bugs (4 patches)
  • patches for 2.4.52-1ubuntu4

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing