-
apache2 (2.4.55-1ubuntu2.1) lunar-security; urgency=medium
* SECURITY UPDATE: mod_macro buffer over-read
- debian/patches/CVE-2023-31122.patch: fix length in
modules/core/mod_macro.c.
- CVE-2023-31122
* SECURITY UPDATE: Multiple issues in HTTP/2
- CVE-2023-43622: DoS in HTTP/2 with initial windows size 0
- CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST
- debian/patches/update_http2.patch: backport version 2.0.22 of
mod_http2 from httpd 2.4.58.
- CVE-2023-43622
- CVE-2023-45802
-- Marc Deslauriers <email address hidden> Thu, 26 Oct 2023 09:37:01 -0400
-
apache2 (2.4.55-1ubuntu2) lunar; urgency=medium
* SECURITY UPDATE: HTTP request splitting with mod_rewrite and mod_proxy
- debian/patches/CVE-2023-25690-1.patch: don't forward invalid query
strings in modules/http2/mod_proxy_http2.c,
modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy_ajp.c,
modules/proxy/mod_proxy_balancer.c, modules/proxy/mod_proxy_http.c,
modules/proxy/mod_proxy_wstunnel.c.
- debian/patches/CVE-2023-25690-2.patch: Fix missing APLOGNO in
modules/http2/mod_proxy_http2.c.
- CVE-2023-25690
* SECURITY UPDATE: mod_proxy_uwsgi HTTP response splitting
- debian/patches/CVE-2023-27522.patch: stricter backend HTTP response
parsing/validation in modules/proxy/mod_proxy_uwsgi.c.
- CVE-2023-27522
-- Marc Deslauriers <email address hidden> Wed, 08 Mar 2023 11:32:34 -0500
-
apache2 (2.4.55-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
d/source/include-binaries: Replace Debian with Ubuntu on default
homepage.
- d/apache2.py, d/apache2-bin.install: Add apport hook
- d/control, d/apache2.install, d/apache2-utils.ufw.profile,
d/apache2.dirs: Add ufw profiles
apache2 (2.4.55-1) unstable; urgency=medium
[ Hendrik Jäger ]
* disable ssl session tickets
* redundant example as already enabled in the default config
* logrotate indentation
* Update example how to prevent access to VCS directories
[ lintian-brush ]
* Update lintian override info to new format:
+ debian/source/lintian-overrides: line 2, 4-5, 8
+ debian/apache2-data.lintian-overrides: line 2-5
+ debian/apache2-bin.lintian-overrides: line 3
+ debian/apache2-doc.lintian-overrides: line 2
+ debian/apache2.lintian-overrides: line 6
* Set upstream metadata fields: Repository-Browse.
* Update standards version to 4.6.2, no changes needed.
[ Yadd ]
* New upstream version (Closes: CVE-2006-20001, CVE-2022-36760, CVE-2022-37436)
apache2 (2.4.54-5) unstable; urgency=medium
[ Hendrik Jäger ]
* fix: one oom-killed thread should not take down the whole service
* fix: remove modelines
* fix: update clickjacking protection example
* fix: use tab for indentation, even in commented examples
[ Yadd ]
* Revert "Fix: confusing and impractical naming" (unbreak squid and haproxy
tests)
apache2 (2.4.54-4) unstable; urgency=medium
[ Charles Plessy ]
* Replace mime-support transition package with media-types (Closes: #980275)
[ Hendrik Jäger ]
* fix mislead safety precautions: don't hide errors when enabling a module.
MR !20
* fix trailing spaces and indentation inconsistencies. MR !19 !21 !22
* Fix confusing and impractical naming: rename default-ssl.conf into
000-default-ssl.conf. MR !23
* Fix confusing keyword: replace _default_ by *. MR !24
-- Steve Langasek <email address hidden> Tue, 24 Jan 2023 13:31:02 -0800
-
apache2 (2.4.54-3ubuntu2) lunar; urgency=medium
* No-change rebuild against libldap-2
-- Steve Langasek <email address hidden> Thu, 15 Dec 2022 19:42:31 +0000
-
apache2 (2.4.54-3ubuntu1) lunar; urgency=medium
* Merge with Debian unstable (LP: #1993373). Remaining changes:
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
d/source/include-binaries: Replace Debian with Ubuntu on default
homepage.
(LP #1966004)
- d/apache2.py, d/apache2-bin.install: Add apport hook
(LP #609177)
- d/control, d/apache2.install, d/apache2-utils.ufw.profile,
d/apache2.dirs: Add ufw profiles
(LP #261198)
-- Bryce Harrington <email address hidden> Wed, 16 Nov 2022 16:44:44 -0800
-
apache2 (2.4.54-2ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1982048). Remaining changes:
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
d/source/include-binaries: Replace Debian with Ubuntu on default
homepage.
(LP #1966004)
- d/apache2.py, d/apache2-bin.install: Add apport hook
(LP #609177)
- d/control, d/apache2.install, d/apache2-utils.ufw.profile,
d/apache2.dirs: Add ufw profiles
(LP #261198)
-- Bryce Harrington <email address hidden> Thu, 21 Jul 2022 19:38:00 +0000