apache2 - Debian Package Tracker

general

source: apache2 (main)
version: 2.4.55-1
maintainer: Debian Apache Maintainers (archive) (DMD)
uploaders: Ondřej Surý [DMD] – Yadd [DMD] – Arno Töll [DMD] – Stefan Fritsch [DMD]
arch: all any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.4.25-3+deb9u9
o-o-sec: 2.4.25-3+deb9u13
o-o-bpo-sl: 2.4.46-1~bpo9+1
oldstable: 2.4.38-3+deb10u8
old-sec: 2.4.38-3+deb10u7
old-bpo: 2.4.52-1~bpo10+1
stable: 2.4.54-1~deb11u1
stable-sec: 2.4.52-1~deb11u2
testing: 2.4.55-1
unstable: 2.4.55-1

versioned links

2.4.25-3+deb9u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.25-3+deb9u13: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.38-3+deb10u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.38-3+deb10u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.46-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.52-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.52-1~deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.54-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.55-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

apache2 (112 bugs: 1, 73, 38, 0)
apache2-bin (40 bugs: 0, 31, 9, 0)
apache2-data
apache2-dev (4 bugs: 0, 2, 2, 0)
apache2-doc (5 bugs: 0, 3, 2, 0)
apache2-ssl-dev
apache2-suexec-custom (3 bugs: 0, 2, 1, 0)
apache2-suexec-pristine (3 bugs: 0, 1, 2, 0)
apache2-utils (8 bugs: 0, 4, 4, 0)
libapache2-mod-md
libapache2-mod-proxy-uwsgi (1 bugs: 0, 1, 0, 0)

action needed

5 security issues in buster high

There are 5 open security issues in buster.

3 important issues:

CVE-2006-20001: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.
CVE-2022-36760: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
CVE-2022-37436: Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

1 issue postponed or untriaged:

CVE-2021-33193: (postponed; to be fixed through a stable update) A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

1 ignored issue:

CVE-2019-17567: Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

Created: 2023-01-17 Last update: 2023-01-23 04:46

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2022-12-02 Last update: 2023-02-03 07:00

16 bugs tagged patch in the BTS normal

The BTS contains patches fixing 16 bugs (18 if counting merged bugs), consider including or untagging them.

Created: 2022-07-27 Last update: 2023-02-03 07:00

4 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit f18873f35d40c23403b357bcbd73d36e54bb8717
Author: Hendrik Jäger <gitcommit@henk.geekmail.org>
Date:   Sun Jan 29 13:11:17 2023 +0100

    fix: check for existence before trying to remove

commit a79b00bb99bec1c21d20df33640936152b616e41
Author: Hendrik Jäger <gitcommit@henk.geekmail.org>
Date:   Thu Nov 24 11:40:07 2022 +0100

    fix: exit if any command in the script fails

commit 41a2f2fd05619796274f4420917fcda67e981d70
Author: MichaIng <micha@dietpi.com>
Date:   Mon Jan 23 12:48:47 2023 +0000

    Drop dependency of mod_ssl on mod_setenvif
    
    This was only left because of a comment in defaul-ssl.conf containing
    the BrowserMatch directive. However, this comment was
    referring to MSIE 2-6 and is hence removed.
    
    Solves: #987156
    
    Signed-off-by: MichaIng <micha@dietpi.com>

commit 6e250831bcf4fdf099c4367cae272782bc82c321
Author: MichaIng <micha@dietpi.com>
Date:   Mon Jan 23 12:45:15 2023 +0000

    Remove obsolete MSIE 2-6 comment
    
    Signed-off-by: MichaIng <micha@dietpi.com>

Created: 2023-01-23 Last update: 2023-01-30 03:36

lintian reports 133 warnings normal

Lintian reports 133 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-01-18 Last update: 2023-01-18 22:06

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #910917 for more information.

Created: 2018-10-13 Last update: 2020-01-27 22:50

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-07-28 Last update: 2018-07-28 20:07

testing migrations

This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2023-01-23] apache2 2.4.55-1 MIGRATED to testing (Debian testing watch)
[2023-01-18] Accepted apache2 2.4.55-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-12-05] apache2 2.4.54-5 MIGRATED to testing (Debian testing watch)
[2022-11-29] Accepted apache2 2.4.54-5 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-11-24] Accepted apache2 2.4.54-4 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-10-18] apache2 2.4.54-3 MIGRATED to testing (Debian testing watch)
[2022-10-12] Accepted apache2 2.4.54-3 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-08-02] Accepted apache2 2.4.38-3+deb10u8 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Roberto C. Sanchez)
[2022-07-10] apache2 2.4.54-2 MIGRATED to testing (Debian testing watch)
[2022-07-08] Accepted apache2 2.4.54-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-07-02] Accepted apache2 2.4.54-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-06-11] apache2 2.4.54-1 MIGRATED to testing (Debian testing watch)
[2022-06-09] Accepted apache2 2.4.54-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-05-07] Accepted apache2 2.4.53-2~bpo10+1 (source amd64 all) into oldstable-backports-sloppy->backports-policy, oldstable-backports-sloppy (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-03-22] Accepted apache2 2.4.25-3+deb9u13 (source) into oldoldstable (Emilio Pozuelo Monfort)
[2022-03-19] Accepted apache2 2.4.53-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-03-18] apache2 2.4.53-2 MIGRATED to testing (Debian testing watch)
[2022-03-15] Accepted apache2 2.4.53-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-03-14] Accepted apache2 2.4.53-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-02-08] Accepted apache2 2.4.52-1~bpo10+1 (source) into buster-backports->backports-policy, buster-backports (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-02-01] Accepted apache2 2.4.25-3+deb9u12 (source) into oldoldstable (Anton Gladky)
[2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-01-08] Accepted apache2 2.4.52-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-01-08] Accepted apache2 2.4.52-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-01-08] Accepted apache2 2.4.52-1~deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-01-08] Accepted apache2 2.4.52-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2022-01-08] Accepted apache2 2.4.38-3+deb10u7 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)

bugs [bug history graph]

all: 190 195
RC: 1
I&N: 132 134
M&W: 56 59
F&P: 1
patch: 16 18
help: 1

links

homepage
lintian (0, 133)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.4.55-1ubuntu1
62 bugs (4 patches)
patches for 2.4.55-1ubuntu1