[ubuntu/impish-proposed] apache2 2.4.46-4ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Jun 21 15:06:17 UTC 2021
apache2 (2.4.46-4ubuntu2) impish; urgency=medium

  * SECURITY UPDATE: mod_proxy_http denial of service.
    - debian/patches/CVE-2020-13950.patch: don't dereference NULL proxy
      connection in modules/proxy/mod_proxy_http.c.
    - CVE-2020-13950
  * SECURITY UPDATE: stack overflow via Digest nonce in mod_auth_digest
    - debian/patches/CVE-2020-35452.patch: fast validation of the nonce's
      base64 to fail early if the format can't match anyway in
      modules/aaa/mod_auth_digest.c.
    - CVE-2020-35452
  * SECURITY UPDATE: DoS via cookie header in mod_session
    - debian/patches/CVE-2021-26690.patch: save one apr_strtok() in
      session_identity_decode() in modules/session/mod_session.c.
    - CVE-2021-26690
  * SECURITY UPDATE: heap overflow via SessionHeader
    - debian/patches/CVE-2021-26691.patch: account for the '&' in
      identity_concat() in modules/session/mod_session.c.
    - CVE-2021-26691
  * SECURITY UPDATE: Unexpected matching behavior with 'MergeSlashes OFF'
    - debian/patches/CVE-2021-30641.patch: change default behavior in
      server/request.c.
    - CVE-2021-30641

Date: Thu, 17 Jun 2021 13:09:41 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 17 Jun 2021 13:09:41 -0400
Source: apache2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.46-4ubuntu2
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Checksums-Sha1:
5cbca03cf47ef3ec6f86806f562fb121691c3efb 3377 apache2_2.4.46-4ubuntu2.dsc
2c863ce78ed8e7d07d106f195743a3f22a476b7f 899876 apache2_2.4.46-4ubuntu2.debian.tar.xz
5004a637ad17e4c832873aa01bfc2140da81c064 8711 apache2_2.4.46-4ubuntu2_source.buildinfo
Checksums-Sha256:
927e1238b5e37e9c8d6fb217f61210920e79a45e6c4c9be7ea14674ebee913fc 3377 apache2_2.4.46-4ubuntu2.dsc
d253e44a26548659ad051f04a3a13eef43582378b340bb97bf469c2701f7e660 899876 apache2_2.4.46-4ubuntu2.debian.tar.xz
8f5d9ac5a194b8173bd6b9c5af4c4156a57a2aa93795a5fffad3bad002dd2282 8711 apache2_2.4.46-4ubuntu2_source.buildinfo
Files:
9e5b6baba4c410606b8a1e3015fe123a 3377 httpd optional apache2_2.4.46-4ubuntu2.dsc
63f9f06c1c31b5062f0a689ce8dbf97a 899876 httpd optional apache2_2.4.46-4ubuntu2.debian.tar.xz
327210ca041cb6c48b8b08fd4a57fd8b 8711 httpd optional apache2_2.4.46-4ubuntu2_source.buildinfo
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>