apache2_2.4.50-1_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 05 Oct 2021 13:25:23 +0200 Source: apache2 Architecture: source Version: 2.4.50-1 Distribution: unstable Urgency: high Maintainer: Debian Apache Maintainers Changed-By: Ondřej Surý Changes: apache2 (2.4.50-1) unstable; urgency=high . * New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524) * Remove patches already merged upstream Checksums-Sha1: a1116122cf011c0253f22ae6aac3347efa7d6a9a 3604 apache2_2.4.50-1.dsc afac1bf6aaa84ea2878c56ed56a49f5efdd7ff73 9871382 apache2_2.4.50.orig.tar.gz 26d685300db1207de95925743775908246e15c66 874 apache2_2.4.50.orig.tar.gz.asc 1df9814c1b92e1eba95483df7a84da02686322f7 887328 apache2_2.4.50-1.debian.tar.xz 7323960737cf1079c2ea67360ed1f17f50b9c332 12325 apache2_2.4.50-1_amd64.buildinfo Checksums-Sha256: b001fd42d49b491ee4260fed37c921e247a669fbb3210f4cbe1ff847dbe393ba 3604 apache2_2.4.50-1.dsc feb87f9cc60e02782d795d30cd60a36e918c82fe9a2e7363b0ae28a78be9613a 9871382 apache2_2.4.50.orig.tar.gz 7e57fdf3ff83a7bfc259e3304abe707f16422b6af40dee2368a71df4b65b4ae7 874 apache2_2.4.50.orig.tar.gz.asc 38dd4772dc94242c1887a22181f967092769b375c061c5a5a86b61b5f11ccffa 887328 apache2_2.4.50-1.debian.tar.xz 9849c8a522ba740ed156e60194087ffe5089e7bc09737a9e78383760ed3fdda0 12325 apache2_2.4.50-1_amd64.buildinfo Files: 48a08f4973eed1f6dedcc0f88c9f6aa2 3604 httpd optional apache2_2.4.50-1.dsc 18cecbfa70abd77b75f70c40d724e30f 9871382 httpd optional apache2_2.4.50.orig.tar.gz 87ecd6a87977f0115547f9930082919c 874 httpd optional apache2_2.4.50.orig.tar.gz.asc 7544b70635335dd21b794ea58354308c 887328 httpd optional apache2_2.4.50-1.debian.tar.xz 6dd72abb71e6aece7056e68e180fd5af 12325 httpd optional apache2_2.4.50-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmFcN1dfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcLYWQ/9FDfaWW4ih+mqFHTevHnsqizys2laGXFscdqmVz6S5wKO4BI6XYuy3uYe 1hIFhLe9xgW13dOjKQY6SQU12/KmS7xQ7davg13feyXoBFExCgRrEP9082XUOJYf FaGlL5i27b1Gxa0HT+Fl2KnWMYWU4r0jiH/pcGs+tQAEzRoDNIMmfCw7+JqMQ3aF VIsQhrSn2Wc5eG2gVBm3l71FkcHTtpP2dqEve+53rwGTYg9P/g1zDjkAK8a0A/Q+ r7t8o62/jSWPlBnTyn4iUBx2KLzSg+ue6E4pkBfPQQMz/5/no8N2XxyxsJ04YgeE FVTB6gef10si7xs5v9wwQvt74i/+6OBjx+LiDKqx9Fr4pDAPmnHoMgk31KihDc72 Z9nN5WrmoH42olqvEfYJC6O5PPKyFROF1oKG5LRLP3+/Sekqm6SflRdWDM/jZEHZ MoG0cTu0xkHH9xvPIYrcAIlRUqvdDcgFPtAiW1IxGxRtMPCD7GDdvojM7nsRlmn/ O6v732ruwjDMSW6Rd2PxQUGBI7xwDke9y3YNkxCtDHSDtP4TnhshPFOdkvmbKIUV U8c/QqlnqhYzyW9cn6ue1bxO3C5GL9gcUx0d1vAmN23qvm27c687qTnlTR6cvi7C AYgMChdswjXb/yD36Rfqww+JB2qSBp1MNqBZxmerZ+R9iXdPx18= =6Zd2 -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of apache2_2.4.50-1_source.changes
apache2_2.4.50-1_source.changes uploaded successfully to localhost along with the files: apache2_2.4.50-1.dsc apache2_2.4.50.orig.tar.gz apache2_2.4.50.orig.tar.gz.asc apache2_2.4.50-1.debian.tar.xz apache2_2.4.50-1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Processed: Re: libapache2-mod-proxy-uwsgi 2.0.14+20161117-3+deb9u4 - duplicated request path
Processing commands for cont...@bugs.debian.org: > reassign 995368 uwsgi Bug #995368 [libapache2-mod-proxy-uwsgi] Bug in Package: libapache2-mod-proxy-uwsgi Bug reassigned from package 'libapache2-mod-proxy-uwsgi' to 'uwsgi'. Ignoring request to alter found versions of bug #995368 to the same values previously set Ignoring request to alter fixed versions of bug #995368 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 995368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995368 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#995368: libapache2-mod-proxy-uwsgi 2.0.14+20161117-3+deb9u4 - duplicated request path
reassign 995368 uwsgi thanks Am Fri, Oct 01, 2021 at 04:16:05PM +0200 schrieb Josef Kejzlar, wpj s.r.o.: > I can confirm this regression. > After unattended security upgrades got applied during the night, all > our applications stopped working. > > There is wrong request path sent to uwsgi server. Some times > duplicated leading slash. > > I would classify this as critical problem, all servers using uwsgi and > libapache2-mod-proxy-uwsgi stopped working after secuity update. Hi Philippe and Josef, thanks for reporting! This isn't a bug in Apache (source package name apache2), but got introduced by an update in the uwsgi source package (which is admittedly confusing since both build Apache modules with uwsgi in their name). I'm reassigning the bug and adding the debian-lts list to pick this up. Cheers, Moritz
