[ubuntu/lunar-proposed] apache2 2.4.55-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Mar 8 18:05:18 UTC 2023 

apache2 (2.4.55-1ubuntu2) lunar; urgency=medium

  * SECURITY UPDATE: HTTP request splitting with mod_rewrite and mod_proxy
    - debian/patches/CVE-2023-25690-1.patch: don't forward invalid query
      strings in modules/http2/mod_proxy_http2.c,
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy_ajp.c,
      modules/proxy/mod_proxy_balancer.c, modules/proxy/mod_proxy_http.c,
      modules/proxy/mod_proxy_wstunnel.c.
    - debian/patches/CVE-2023-25690-2.patch: Fix missing APLOGNO in
      modules/http2/mod_proxy_http2.c.
    - CVE-2023-25690
  * SECURITY UPDATE: mod_proxy_uwsgi HTTP response splitting
    - debian/patches/CVE-2023-27522.patch: stricter backend HTTP response
      parsing/validation in modules/proxy/mod_proxy_uwsgi.c.
    - CVE-2023-27522

Date: Wed, 08 Mar 2023 11:32:34 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.55-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 08 Mar 2023 11:32:34 -0500
Source: apache2
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.55-1ubuntu2
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 apache2 (2.4.55-1ubuntu2) lunar; urgency=medium
 .
   * SECURITY UPDATE: HTTP request splitting with mod_rewrite and mod_proxy
     - debian/patches/CVE-2023-25690-1.patch: don't forward invalid query
       strings in modules/http2/mod_proxy_http2.c,
       modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy_ajp.c,
       modules/proxy/mod_proxy_balancer.c, modules/proxy/mod_proxy_http.c,
       modules/proxy/mod_proxy_wstunnel.c.
     - debian/patches/CVE-2023-25690-2.patch: Fix missing APLOGNO in
       modules/http2/mod_proxy_http2.c.
     - CVE-2023-25690
   * SECURITY UPDATE: mod_proxy_uwsgi HTTP response splitting
     - debian/patches/CVE-2023-27522.patch: stricter backend HTTP response
       parsing/validation in modules/proxy/mod_proxy_uwsgi.c.
     - CVE-2023-27522
Checksums-Sha1:
 457aec36ebb87e98f0450f503dde41da09401e3a 3595 apache2_2.4.55-1ubuntu2.dsc
 b7669a266a4d65ec193d26807dbde7181f39f0f4 922404 apache2_2.4.55-1ubuntu2.debian.tar.xz
 87d4816a2a1a5cfcd5fd682c83fa7d36f097280b 8182 apache2_2.4.55-1ubuntu2_source.buildinfo
Checksums-Sha256:
 c8e4446686933a4a65ca90880de0f8331348a97a40f6dcbc493c7d3b91a95b3d 3595 apache2_2.4.55-1ubuntu2.dsc
 426d99e8e4348cee96aae9b7048f006e5ad954fec7e04ad87a57a9b7bdf279e1 922404 apache2_2.4.55-1ubuntu2.debian.tar.xz
 9438f75e4925b795de2be733973687bfda7abe147d90040d344f794d1b80aac5 8182 apache2_2.4.55-1ubuntu2_source.buildinfo
Files:
 9a400fce908552f91acb8b550453ee9a 3595 httpd optional apache2_2.4.55-1ubuntu2.dsc
 5c12efd6413508a74911cf462cc2394b 922404 httpd optional apache2_2.4.55-1ubuntu2.debian.tar.xz
 2bf9812ea8335a5a3250d0cf2cd818ca 8182 httpd optional apache2_2.4.55-1ubuntu2_source.buildinfo
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

More information about the lunar-changes mailing list