-
apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium
* SECURITY UPDATE: HTTP response splitting
- debian/patches/CVE-2023-38709.patch: header validation after
content-* are eval'ed in modules/http/http_filters.c.
- CVE-2023-38709
* SECURITY UPDATE: HTTP Response Splitting in multiple modules
- debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for
non-http handlers in include/util_script.h,
modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c,
modules/generators/mod_cgid.c, modules/http/http_filters.c,
modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c,
modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c.
- CVE-2024-24795
* SECURITY UPDATE: HTTP/2 DoS by memory exhaustion on endless
continuation frames
- debian/patches/CVE-2024-27316.patch: bail after too many failed reads
in modules/http2/h2_session.c, modules/http2/h2_stream.c,
modules/http2/h2_stream.h.
- CVE-2024-27316
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 11:13:41 -0400
-
apache2 (2.4.58-1ubuntu8) noble; urgency=medium
* No-change rebuild against libapr1t64
-- Steve Langasek <email address hidden> Sun, 07 Apr 2024 07:02:29 +0000
-
apache2 (2.4.58-1ubuntu7) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <email address hidden> Sun, 31 Mar 2024 08:37:28 +0000
-
apache2 (2.4.58-1ubuntu6) noble; urgency=medium
* d/debhelper/apache2-maintscript-helper: Allow execution when called from a
postinst script through a trigger (i.e., postinst triggered).
Thanks to Roel van Meer. (LP: #2038912) (Closes: #1060450)
-- Athos Ribeiro <email address hidden> Mon, 18 Mar 2024 09:35:36 -0300
-
apache2 (2.4.58-1ubuntu5) noble; urgency=medium
* No-change rebuild against libcurl4t64
-- Steve Langasek <email address hidden> Sat, 16 Mar 2024 06:05:04 +0000
-
apache2 (2.4.58-1ubuntu4) noble; urgency=medium
* No-change rebuild against libaprutil1t64
-- Zixing Liu <email address hidden> Sat, 09 Mar 2024 23:05:43 -0700
-
apache2 (2.4.58-1ubuntu3) noble; urgency=medium
* No-change rebuild against libssl3t64
-- Steve Langasek <email address hidden> Mon, 04 Mar 2024 17:21:46 +0000
-
apache2 (2.4.58-1ubuntu2) noble; urgency=medium
* d/c/m/setenvif.conf, d/p/fix-dolphin-to-delete-webdav-dirs.patch: Add
dolphin and Konqueror/5 careful redirection so that directories can be
deleted via webdav.
(LP: #1927742)
-- Bryce Harrington <email address hidden> Wed, 24 Jan 2024 14:00:03 -0800
-
apache2 (2.4.58-1ubuntu1) noble; urgency=medium
* Merge with Debian unstable (LP: #2040357). Remaining changes:
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
d/source/include-binaries, d/t/check-ubuntu-branding: Replace
Debian with Ubuntu on default homepage.
(LP #1966004, LP #1947459)
- d/apache2.py, d/apache2-bin.install: Add apport hook
(LP #609177)
- d/control, d/apache2.install, d/apache2-utils.ufw.profile,
d/apache2.dirs: Add ufw profiles
(LP #261198)
- d/control: Upgrade lua build dependency to 5.4
-- Bryce Harrington <email address hidden> Thu, 14 Dec 2023 23:52:39 -0800
-
apache2 (2.4.57-2ubuntu3) noble; urgency=medium
* d/icons/ubuntu-logo.png: add Ubuntu image for welcome page (LP: #1947459).
* d/t/check-ubuntu-branding: add check for ubuntu branding.
-- Mitchell Dzurick <email address hidden> Mon, 13 Nov 2023 10:49:48 -0700
-
apache2 (2.4.57-2ubuntu2) mantic; urgency=medium
* d/control: Upgrade lua build dependency to 5.4
-- Lena Voytek <email address hidden> Fri, 21 Jul 2023 14:17:42 -0700