Bug#1021771: apache2: Accessing to type-map without .var suffix results 500 and apache2 exits

[Shintaro Sakahara]

Package: apache2
Version: 2.4.54-1~deb11u1
Severity: important

Dear Maintainer,

I recently upgraded my server from Debian 10 to 11 and encountered a problem
where apache2 responded 500 Internal Server Error and then the process exited
when a URL to a type-map, which referenced CGI script as actual content,
without ".var" suffix was getting accessed.

I created a small example using Docker and put on GitHub so that everyone could
easily reproduce this problem.

https://github.com/skhrshin/apache2-crash-example

* Steps to reproduce *

1. Clone the repo into somewhere
2. Run `docker-compose build`
3. Run `docker-compose up`
4. Access to http://localhost:8081/board.cgi with your web browser

* Expected behavior *

A string "OK" is displayed.

* Actual behavior *

Your web browser gets 500 Internal Server Error.
Also, in a few seconds, the apache2 process is terminated.

I'm not sure if the problem is caused solely by apache2 package or by some
other dependencies like apache2-suexec-pristine or libapache2-mpm-itk, but
I don't know how to find it out. So I asked about this issue to Debian-user ML
if there's something I can do, but I could get no answer, so now I'm reporting
it here. Please tell me if something is insufficient and there's a way to
investigate it more.


-- Package-specific info:

-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-18-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin  2.4.54-1~deb11u1
ii  apache2-data 2.4.54-1~deb11u1
ii  apache2-utils2.4.54-1~deb11u1
ii  dpkg 1.20.12
ii  init-system-helpers  1.60
ii  lsb-base 11.1.0
ii  mime-support 3.66
ii  perl 5.32.1-4+deb11u2
ii  procps   2:3.3.17-5

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1

Versions of packages apache2 suggests:
pn  apache2-doc  
ii  apache2-suexec-pristine  2.4.54-1~deb11u1
ii  lynx [www-browser]   2.9.0dev.6-3~deb11u1

Versions of packages apache2-bin depends on:
ii  libapr1  1.7.0-6+deb11u1
ii  libaprutil1  1.6.1-5
ii  libaprutil1-dbd-sqlite3  1.6.1-5
ii  libaprutil1-ldap 1.6.1-5
ii  libbrotli1   1.0.9-2+b2
ii  libc62.31-13+deb11u4
ii  libcrypt11:4.4.18-4
ii  libcurl4 7.74.0-1.3+deb11u3
ii  libjansson4  2.13.1-1.1
ii  libldap-2.4-22.4.57+dfsg-3+deb11u1
ii  liblua5.3-0  5.3.3-1.1+b1
ii  libnghttp2-141.43.0-1
ii  libpcre3 2:8.39-13
ii  libssl1.11.1.1n-0+deb11u3
ii  libxml2  2.9.10+dfsg-6.7+deb11u2
ii  perl 5.32.1-4+deb11u2
ii  zlib1g   1:1.2.11.dfsg-2+deb11u2

Versions of packages apache2-bin suggests:
pn  apache2-doc  
ii  apache2-suexec-pristine  2.4.54-1~deb11u1
ii  lynx [www-browser]   2.9.0dev.6-3~deb11u1

Versions of packages apache2 is related to:
ii  apache2  2.4.54-1~deb11u1
ii  apache2-bin  2.4.54-1~deb11u1

-- Configuration Files:
/etc/apache2/conf-available/other-vhosts-access-log.conf changed [not included]
/etc/apache2/ports.conf changed [not included]

-- no debconf information

apache2_2.4.54-3_sourceonly.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 12 Oct 2022 09:20:52 +0200
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.54-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.54-3) unstable; urgency=medium
 .
   [ Hendrik Jäger ]
   * Do not enable global alias /manual
   * mention not enabling /manual for the docs in the NEWS
Checksums-Sha1: 
 e9d82931a90259214baf77ec1b7e89ef5bbab8b0 3488 apache2_2.4.54-3.dsc
 6603589675fa556351fb71db42256896620d8f7c 900060 apache2_2.4.54-3.debian.tar.xz
Checksums-Sha256: 
 ca4939f4ef175e5a93c2e39425ea0507ccd3a1754d7feba38fa727e6282b4f65 3488 
apache2_2.4.54-3.dsc
 74e7e8015f9d6499ed2af71ec701f7c0e3426c05a1ca39b49bc701a5cf87144f 900060 
apache2_2.4.54-3.debian.tar.xz
Files: 
 60ef93a55cfc996eaea61b3ca97ab544 3488 httpd optional apache2_2.4.54-3.dsc
 25975d124797ad11f702c24f8c5beb5f 900060 httpd optional 
apache2_2.4.54-3.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmNGa9AACgkQ9tdMp8mZ
7umtaA//Sd/wMV2oSQwvSZuQ5flFGMXGXlMz6N2/cs7fmwUVMjs9VJNc0Do3TKBu
sLLwAlVk/SEbs4hn/Vu+zfRqot4EUmRU/hnkQTL2vUP6aTW6LzIGWoPX1MeORSIf
ySWiH5bOkbbZOxchqUuDrqAlsjLwKM+WMc8WoI//3WSLF4+Kt2ANzqr285DRwktO
XhM0JK9c/hSq9spEJqYS29QLOlPXawcPbQwgumK3cTZJHhD/6VOLmbzgPYgLCxGY
TpK5RV1C95KXDUU82G6GEu/7U+li94X4iyiP/gr3nnHrRBwOUtPBhZJH8XyY6loa
0LGAXIqM1GYNROu4T8t+ZWRunA8QcshgCu5qpJu/5z8BUjH7EjgsCTmgyYomN8XR
ex2skUyZYW32wyXovdVK4oFQlVDGJ0J7onzCmp5zw+nJm9bn3YyPLWwGIiuw0Jmk
m3KuaQKWeJ6R5D7dTWX8XIyF2EiCaWPHAryhkVRSGuO964MQgUlMJ850nzrtOdbq
W0HFURsboHdF4SzJaWb4jrtaSP2PYqewojrFgVWJ3nnYpgltM3BaCXPxFozz+0MP
Piekca/SRjWv8bPSAzPcAsGiHObWuOv1hfv+gIn75KJlGDAvcd65fd9MxFqxYrqv
i6Gcu9czaPFBACs4HNO9zZNk89Lr9v0ksg3uKdF0RZwgsks0yRc=
=tPmc
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of apache2_2.4.54-3_sourceonly.changes

[Debian FTP Masters]

apache2_2.4.54-3_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.54-3.dsc
  apache2_2.4.54-3.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Bug#968170:

[Munirah Tawar]

I can get people's wifi password

Bug#1017868: ssl-cert: Needless bash dependency

[Stefan Fritsch]

Hi,

Am 21.08.22 um 21:59 schrieb наб:

The installed make-ssl-cert depends on bash,
but doesn't really need to.


I am sorry, but I don't see any advantage here in switching away from 
bash. The performance advantage of dash over bash is completely 
irrelevant in make-ssl-cert, and bash is essential: yes.




See patch based on current Salsa HEAD, below;
it's shellcheck-clean.

The same could trivially be done for the tests,
since pretty much the only extension shellcheck picks up is local.


local is not a bash extension. Or what do you mean?

I haven't done a thorough review, but this bit is wrong:

  
  ask_via_debconf() {

  RET=""
-if db_settitle make-ssl-cert/title ; then
-   : # OK
-else
+if ! db_settitle make-ssl-cert/title ; then
echo "Debconf failed with error code $? $RET" >&2
echo "Maybe your debconf database is corrupt." >&2
echo "Try re-installing ssl-cert." >&2
  fi


$? will be 0 in the echo and not the return value from debconf.


Cheers,
Stefan

Bug#1020227: libgcc_s.so.1 must be installed for pthread_cancel to work

[koos vriezen]

Package: apache2
Version: 2.4.54-2

After updating a debian/testing amd64 an apache based https front-end
for a local http server (non-apache) failed to work. The error log
showed lines like

[core:notice] [pid 817:tid 140108209478976] AH00052: child pid 427563
exit signal Aborted (6)
libgcc_s.so.1 must be installed for pthread_cancel to work

With some search I solved the issue by purging  lib32gcc-12-dev and
libx32gcc-11-dev, followed by an autoremove. So I think the bug is
that apache found the wrong libgcc_s.so.1, i.e. the 32bit one.

Cheers,
Koos Vriezen

Bug#1019418: apache2: Content-Location header doesn't escape colons

[Peter Chubb]

Package: apache2
Version: 2.4.54-1~deb11u1
Severity: normal

Dear Maintainer,

We have an apache2 server that serves URLs of the form:
   https://server.com/a/b/foo:phd.html

The Content-Location HTTP response header returned is then
   Content-Location: foo:phd.html

which is invalid because of the colon.  It should return
   Content-Location: ./foo:phd.html
so that the : is not treated as a protocol delimiter.



-- Package-specific info:

-- System Information:
Debian Release: 11.4
  APT prefers stable
  APT policy: (1002, 'stable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-13-amd64 (SMP w/32 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin  2.4.54-1~deb11u1
ii  apache2-data 2.4.54-1~deb11u1
ii  apache2-utils2.4.54-1~deb11u1
ii  dpkg 1.20.11
ii  init-system-helpers  1.60
ii  lsb-base 11.1.0
ii  mime-support 3.66
ii  perl 5.32.1-4+deb11u2
ii  procps   2:3.3.17-5

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser  

Versions of packages apache2-bin depends on:
ii  libapr1  1.7.0-6+deb11u1
ii  libaprutil1  1.6.1-5
ii  libaprutil1-dbd-sqlite3  1.6.1-5
ii  libaprutil1-ldap 1.6.1-5
ii  libbrotli1   1.0.9-2+b2
ii  libc62.31-13+deb11u3
ii  libcrypt11:4.4.18-4
ii  libcurl4 7.74.0-1.3+deb11u1
ii  libjansson4  2.13.1-1.1
ii  libldap-2.4-22.4.57+dfsg-3+deb11u1
ii  liblua5.3-0  5.3.3-1.1+b1
ii  libnghttp2-141.43.0-1
ii  libpcre3 2:8.39-13
ii  libssl1.11.1.1n-0+deb11u3
ii  libxml2  2.9.10+dfsg-6.7+deb11u2
ii  perl 5.32.1-4+deb11u2
ii  zlib1g   1:1.2.11.dfsg-2+deb11u1

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser  

Versions of packages apache2 is related to:
ii  apache2  2.4.54-1~deb11u1
ii  apache2-bin  2.4.54-1~deb11u1

-- no debconf information

Folgen Sie meinem Paket

[Kunden service]

 

Lieber Kunde,

Letzter Hinweis: Diese E-Mail informiert Sie darüber, dass Ihre Sendung
noch auf die Bearbeitung wartet.

Ihr Paket konnte am 06.09.2022 nicht zugestellt werden, da keine
Gebühren bezahlt wurden 6.99

Paketnummer: 31385670087409
Gesamt: (6,99)
Die Lieferung ist geplant zwischen: 08.08.2022 - 09.08.2022

Versand bestätigen 

Danke für dein Vertrauen.

**International GmbH.2022**

** **

 
_

Sent to debian-apache@lists.debian.org

Cancelar a inscrição:
http://metodolv.activehosted.com/proc.php?nl=3c=55m=72s=93000e3722cd5dd724e92ef4afe915e7act=unsub

Leticia Riccio Vaz Eireli, R Advogado Zeferino Vasconcellos, 483, Bragança 
Paulista - SP, 12.903-010, Brasil

Bug#1018718: apache2-doc: despite having been disabled, apache2-doc.conf gets rather silently re-enabled automatically

[Christoph Anton Mitterer]

Package: apache2-doc
Version: 2.4.54-1~deb11u1
Severity: important


Hey.

Unfortunately #977014 has been ignored so far, but no I just noted that even
when one explicitly disabled apache2-doc.conf via a2disconf, it still gets
rather silently re-enabled on upgrading the package, which is IMO quite
unfortunate.


Please fix at least that, or even better #977014, in which case this bug here
would become obsolete.

Thanks :-)
Chris.

Security vulnerabilities

[Emil Winkler]

Hello!
 
Are you ready to talk about app and infrastructure security, in particular 
about vulnerabilities and resistance to breach attempts?
 
We conduct black box, grey box and white box penetration tests, which simulate 
potential attacks on web and mobile apps and infrastructure, and which can help 
you assess the real effectiveness of your security measures.
 
We identify the largest amount of vulnerabilities possible so that you can 
eliminate all threats to your data protection, service continuity and app 
availability.
 
You then receive a report which lists all identified vulnerabilities and the 
associated risks, as well as our recommendations on how best to eliminate them 
and upgrade your security.
 
After the changes have been implemented, we run a re-test so that you can rest 
assured that the vulnerabilities we discovered have really been eliminated.
 
Our pentesters are holders of various certificates, including CEH, OSCP, OSCE 
and CISSP, and have a wealth of experience working with popular global brands.
 
If you are interested in working with us – be sure to let us know.


Best regards
Emil Winkler

Nowy termin

[Marek Wichta]

Dzień dobry,

podnosimy bezpieczeństwo działalności i zapewniamy stały dostęp do środków 
pieniężnych nawet w sytuacji niewypłacalności odbiorców lub ich opóźnień z 
zapłatą należności. 

Mogę szerzej przedstawić sposób na bezpieczne i komfortowe prowadzenie biznesu, 
bez zaciągania zobowiązań finansowych?


Pozdrawiam
Marek Wichta
Account Manager

Bug#695835: Partnerstwo wewnetrzne

[Dave E. Ramsden]

Mam dla Ciebie poufna propozycje biznesowa, która jest warta znaczna kwote 
(13,5 mln GBP). Jesli jestes zainteresowany, odpowiedz, aby uzyskac wiecej 
informacji.
 
Jesli to mozliwe, wskaz swoje zainteresowanie jezykiem angielskim dla lepszej 
komunikacji.
 
Z powazaniem,
Dave Ramsden
__
Sekretarz: Chantal Salvi

apache2_2.4.38-3+deb10u8_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jun 2022 15:03:00 -0400
Source: apache2
Architecture: source
Version: 2.4.38-3+deb10u8
Distribution: buster
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Roberto C. Sánchez 
Changes:
 apache2 (2.4.38-3+deb10u8) buster; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2022-22719: denial of service in mod_lua via crafted request body.
   * CVE-2022-22720: HTTP request smuggling.
   * CVE-2022-22721: integer overflow leading to buffer overflow write.
   * CVE-2022-23943: heap memory overwrite via crafted data in mod_sed.
   * CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
   * CVE-2022-28614: read beyond bounds via ap_rwrite().
   * CVE-2022-28615: Read beyond bounds in ap_strcmp_match().
   * CVE-2022-29404: Denial of service in mod_lua r:parsebody.
   * CVE-2022-30522: mod_sed denial of service.
   * CVE-2022-30556: Information Disclosure in mod_lua with websockets.
   * CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
Checksums-Sha1:
 b7ccf6bd8ccaf574a7df701a0d6de0ed8fbaa772 3263 apache2_2.4.38-3+deb10u8.dsc
 edb6ca206de92cfd1f93dee1003da7c263167c0d 1092444 
apache2_2.4.38-3+deb10u8.debian.tar.xz
 da8b2ea1362da5fcaba8074fd34518550df5b241 12091 
apache2_2.4.38-3+deb10u8_amd64.buildinfo
Checksums-Sha256:
 756d7b64958ab5bbe1f4526518efdb096fda59418eb7d6a84e704557414bddbc 3263 
apache2_2.4.38-3+deb10u8.dsc
 63d2e8fb0b2a148e1ebddc1ef57d90f97c1478e9dc6127fc8a63e52fd90b0d35 1092444 
apache2_2.4.38-3+deb10u8.debian.tar.xz
 2a61c67ca9a4e3a112294d6e32b74791966bc7b2d3f6e13d3584eacca144ea66 12091 
apache2_2.4.38-3+deb10u8_amd64.buildinfo
Files:
 e6ef4213da9d1a30eef9eb7acb0a5d04 3263 httpd optional 
apache2_2.4.38-3+deb10u8.dsc
 c690ddcb5867ac0281142dc51b226b10 1092444 httpd optional 
apache2_2.4.38-3+deb10u8.debian.tar.xz
 89f3f694f429b0162cb7adea67adac0d 12091 httpd optional 
apache2_2.4.38-3+deb10u8_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAmLDIZgACgkQldFmTdL1
kUKBBxAAqQpK96dq19GgCtY9xjFZbzgikF50UaugO8xyRRpjt2LPgIAKppUNDFMT
anJMxzIJgKX7FeK4dLXEgi06rTzlYf3MGb50GJ7guP4pLiHYGvMOx5HC7W7+7H+F
ZhGvlhWcR4ZoLxchZzklO9AvLd9Z9po9XhKj6yPfbv6s66DdTGpRAViTOI8XmaUR
KNpyhf3MhhYylYJfPh3Sb93LShFuWA3iR6y0zesLZDE3u3XKVmygOe3ee5TAP4ia
c233Bx2BUBXOZ3umNJgOMEfIriFmesrKVCoGjNIxRBX1QaY9CKF+Fib4td0k4tEE
0+TKsE5+HTB5v7mfkDcXE/0AmXJir5MkhtiUsfQLX+EmJ8sFn2gGsVjMMxZQd+v9
fTHWZrPDmg9ZvJDapXiNsquY0YbJ7F1U4iJj9csAc54ILmfmhs11PWhdqtHwTu09
nFzkm2ELaYdF2FuwR4G8YGs5orUphgfm3e0ZHbwnkiN0Krs/xOcMXoTwo94iPCOC
e9Je070LEw3vWT+dJaSB5lzzNiSg5Q54VomIM280O87ja8NVM2E8m5ZZZ6SfzqA5
PikjwYwePvndwd50WziCozaWWudUKFTD7ppTVpPJw3ckKkphkMQ9bSfYHN4WQYj4
Gs/F+k7qTQ4zHoBXs2jtdZ0WyBzsW3UhKtswY9n4zo7jp4yfo60=
=UHLo
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

apache2_2.4.38-3+deb10u8_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

[Debian FTP Masters]

Mapping buster to oldstable.
Mapping oldstable to oldstable-proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jun 2022 15:03:00 -0400
Source: apache2
Architecture: source
Version: 2.4.38-3+deb10u8
Distribution: buster
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Roberto C. Sánchez 
Changes:
 apache2 (2.4.38-3+deb10u8) buster; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2022-22719: denial of service in mod_lua via crafted request body.
   * CVE-2022-22720: HTTP request smuggling.
   * CVE-2022-22721: integer overflow leading to buffer overflow write.
   * CVE-2022-23943: heap memory overwrite via crafted data in mod_sed.
   * CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
   * CVE-2022-28614: read beyond bounds via ap_rwrite().
   * CVE-2022-28615: Read beyond bounds in ap_strcmp_match().
   * CVE-2022-29404: Denial of service in mod_lua r:parsebody.
   * CVE-2022-30522: mod_sed denial of service.
   * CVE-2022-30556: Information Disclosure in mod_lua with websockets.
   * CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
Checksums-Sha1:
 b7ccf6bd8ccaf574a7df701a0d6de0ed8fbaa772 3263 apache2_2.4.38-3+deb10u8.dsc
 edb6ca206de92cfd1f93dee1003da7c263167c0d 1092444 
apache2_2.4.38-3+deb10u8.debian.tar.xz
 da8b2ea1362da5fcaba8074fd34518550df5b241 12091 
apache2_2.4.38-3+deb10u8_amd64.buildinfo
Checksums-Sha256:
 756d7b64958ab5bbe1f4526518efdb096fda59418eb7d6a84e704557414bddbc 3263 
apache2_2.4.38-3+deb10u8.dsc
 63d2e8fb0b2a148e1ebddc1ef57d90f97c1478e9dc6127fc8a63e52fd90b0d35 1092444 
apache2_2.4.38-3+deb10u8.debian.tar.xz
 2a61c67ca9a4e3a112294d6e32b74791966bc7b2d3f6e13d3584eacca144ea66 12091 
apache2_2.4.38-3+deb10u8_amd64.buildinfo
Files:
 e6ef4213da9d1a30eef9eb7acb0a5d04 3263 httpd optional 
apache2_2.4.38-3+deb10u8.dsc
 c690ddcb5867ac0281142dc51b226b10 1092444 httpd optional 
apache2_2.4.38-3+deb10u8.debian.tar.xz
 89f3f694f429b0162cb7adea67adac0d 12091 httpd optional 
apache2_2.4.38-3+deb10u8_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAmLDIZgACgkQldFmTdL1
kUKBBxAAqQpK96dq19GgCtY9xjFZbzgikF50UaugO8xyRRpjt2LPgIAKppUNDFMT
anJMxzIJgKX7FeK4dLXEgi06rTzlYf3MGb50GJ7guP4pLiHYGvMOx5HC7W7+7H+F
ZhGvlhWcR4ZoLxchZzklO9AvLd9Z9po9XhKj6yPfbv6s66DdTGpRAViTOI8XmaUR
KNpyhf3MhhYylYJfPh3Sb93LShFuWA3iR6y0zesLZDE3u3XKVmygOe3ee5TAP4ia
c233Bx2BUBXOZ3umNJgOMEfIriFmesrKVCoGjNIxRBX1QaY9CKF+Fib4td0k4tEE
0+TKsE5+HTB5v7mfkDcXE/0AmXJir5MkhtiUsfQLX+EmJ8sFn2gGsVjMMxZQd+v9
fTHWZrPDmg9ZvJDapXiNsquY0YbJ7F1U4iJj9csAc54ILmfmhs11PWhdqtHwTu09
nFzkm2ELaYdF2FuwR4G8YGs5orUphgfm3e0ZHbwnkiN0Krs/xOcMXoTwo94iPCOC
e9Je070LEw3vWT+dJaSB5lzzNiSg5Q54VomIM280O87ja8NVM2E8m5ZZZ6SfzqA5
PikjwYwePvndwd50WziCozaWWudUKFTD7ppTVpPJw3ckKkphkMQ9bSfYHN4WQYj4
Gs/F+k7qTQ4zHoBXs2jtdZ0WyBzsW3UhKtswY9n4zo7jp4yfo60=
=UHLo
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of apache2_2.4.38-3+deb10u8_source.changes

[Debian FTP Masters]

apache2_2.4.38-3+deb10u8_source.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.38-3+deb10u8.dsc
  apache2_2.4.38-3+deb10u8.debian.tar.xz
  apache2_2.4.38-3+deb10u8_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Prezentacja

[Marek Onufrowicz]

Dzień dobry!

Czy mógłbym przedstawić rozwiązanie, które umożliwia monitoring każdego auta w 
czasie rzeczywistym w tym jego pozycję, zużycie paliwa i przebieg?

Dodatkowo nasze narzędzie minimalizuje koszty utrzymania samochodów, skraca 
czas przejazdów, a także tworzenie planu tras czy dostaw.

Z naszej wiedzy i doświadczenia korzysta już ponad 49 tys. Klientów. 
Monitorujemy 809 000 pojazdów na całym świecie, co jest naszą najlepszą 
wizytówką.

Bardzo proszę o e-maila zwrotnego, jeśli moglibyśmy wspólnie omówić potencjał 
wykorzystania takiego rozwiązania w Państwa firmie.


Pozdrawiam,
Marek Onufrowicz

Neue Platzierungsreihenfolge

[h-yosiyuki106]

Hallo
Ich bin Joly Joseph und vertrete Tristar Pvt Ltd, ein allgemeines 
Handelsunternehmen in Indien. Wir haben eine neue dringende 
Bestellanforderung für unseren Inlandsbedarf.
Bitte senden Sie uns für diese Ausschreibung den E-Katalog/die E-
Broschüre und die EXW-Preisliste Ihres Unternehmens an unsere 
Einkaufsabteilung.
Ihre baldige Antwort ist erforderlich.
Herzliche Grüße
Amrutha / Prakash /Joly Joseph

Tristar Pvt Ltd
Tri-Star-Türme, Cochin.
Indien, 682019
Telefon: + 91 484 4861 431 , 4865 333

Request help with public IP address for Debian's Apache build

[retrovirus-...@juno.com]

Hello Apache developers,

I used to have a Windows build of Apache1, along with the tomcat. I was quite 
successful to have the public ip address to host the defined directory. Now, I 
am on a Debian type build, particularly Apache2. There is no httpd.conf to be 
found so everything is different. I haven't documented much on my Apache1 
attempt. I was young, and I didn't have a means of purchasing a domain name nor 
keep the server active 24/7. Now, I don't have httpd.conf and am working on a 
new Apache2.

Do you happened to know how to get the public ip address to host my defined 
Apache2 directory? I am willing to listen on router configurations, firewalls 
(I am currently using the firewall-config), and Apache2 scripts.

--
Sincerely,
retrovirus-...@juno.com

Bug#695835: Projekt

[Dave Ramsden]

Mam projekt/biznes do omówienia z toba. Jesli jestes zainteresowany, odpowiedz 
po wiecej szczególów, jesli to mozliwe, w jezyku angielskim.
  
Z powazaniem,
Dave Ramsden
_
Sekretarka: Vanni Gilbert

apache2_2.4.54-2_sourceonly.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 05 Jul 2022 15:49:58 +0200
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.54-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1014056
Changes:
 apache2 (2.4.54-2) unstable; urgency=medium
 .
   * Move cgid socket into a writeable directory (Closes: #1014056)
   * Update lintian overrides
   * Declare compliance with policy 4.6.1
   * Install NOTICE in each package
Checksums-Sha1: 
 226a920fa24572c8830260faabf41cd54f489263 3488 apache2_2.4.54-2.dsc
 ce536f24a36c06243b691c9ca164c4e3eba875ca 899544 apache2_2.4.54-2.debian.tar.xz
Checksums-Sha256: 
 a7a5025128d97f4477819a9f77eea997cdd3c509e6f7e1db011ea53ba297f44a 3488 
apache2_2.4.54-2.dsc
 a7f1eea74cdd1566b8af3df1fcd46dc2457eb705380bccd4c3c8bdfa3774712d 899544 
apache2_2.4.54-2.debian.tar.xz
Files: 
 f65a84c5fae1dce3c96ba8dea6f6401e 3488 httpd optional apache2_2.4.54-2.dsc
 acb82e34859ad39e7b500c8dd9b06078 899544 httpd optional 
apache2_2.4.54-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmLH0UkACgkQ9tdMp8mZ
7unoTQ//WgEAsikONdZugcR8Z9bJIqgH+NHxGm5Nq4R7JxHvAe/J2BH9njDNvuQo
3IGPSkmYP0MuaLjBpxEIrwYae9ek5n7TS38yjFh6imYqPWyTEsihNqehO495+mDC
EpREpCOVOuxbl6ApiIhe+S24vrJHVj3KdVh5AR5fUq9lyu16qu5nYvqob4LLEGXZ
x9ba5peklYRqr9TrBfsM84Cxlz3m75i+09U9PXWLBEy/Gh3QvEGXYHQR4ua8eDG0
YdQ1ORjQoFGFZWMBKRxyifzO2ZMh6BgSdfxyjKr9BDgIHKPM8X/XVi1Nyq6Xs2aT
Up8XyJF/AN9yiQYk4DdjD4TEpiINSejI635w4LUU/EzKFXVDEOG54uT7Ni4z5mv0
ABqL58Y+eLDwrmBUbkVuYbhH8SE1k3yHALnuB3pYi4OO1Pvz7qNO/ms2FBNrtk6J
jwJcf8M35R3KFq6YtAsuO9TbX/Wefi4E5KtujMXSTZEdA/o6kNjPUQeHaJ5ZJ9sT
0JUd9pk1L8VeJv/OZW++2N+QvZnP3VgzXM3hP6+jNNgDQjq+n+a30NAdMjK3cCL1
ARMoSwboIwmGLLMEHovz7dlYbV0+pXaeMBxgwIs5R2mZfTYRKERSwbkW10bM1HF4
fKgAJUJJhgkLqTnjAOeHwuEtLIljNw19Vw4Zq6gbk/4foD4bJhM=
=WEvL
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Bug#1014056: marked as done (apache2: /var/run/apache2 permissions too narrow for cgid)

[Debian Bug Tracking System]

Your message dated Fri, 08 Jul 2022 07:04:02 +
with message-id 
and subject line Bug#1014056: fixed in apache2 2.4.54-2
has caused the Debian Bug report #1014056,
regarding apache2: /var/run/apache2 permissions too narrow for cgid
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1014056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014056
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.4.53-1~deb11u1
Severity: minor


Dear Maintainer,


*** Reporter, please consider answering these questions, where appropriate ***


Enabling cgid in apache2 (with a2enmod cgid) results in an error when using 
mpm_event:
    [cgid:error] [pid 8943:tid 140189712234240] (22)Invalid argument: [client 
x.x.x.x:49364] AH01257: unable to connect to cgi daemon after multiple tries: 
/usr/lib/cgi-bin/xx
Meanwhile, the user receives a 503 HTTP error, rather than the CGI content.

Upon launch, Apache creates /var/run/apache2/cgisock.PID (where PID is the PID 
in question), however it does that as the www-data user and root group, who 
does not have write access to /var/run/apache2 (where only the root user has 
write permission).

To fix this, chmod g+rwx /var/run/apache2 fixes the issue.  Since we're only 
adding the root group, this likely has a minimal security effect.

Alternately, the default directive of
    /etc/apache2/mods-available/cgid.conf:    ScriptSock 
${APACHE_RUN_DIR}/cgisock
Should not point to a folder that does not have write access by www-data user 
and a subfolder with more open permission should be created.

-- Package-specific info:


-- System Information:
Debian Release: 11.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)


Kernel: Linux 5.10.0-15-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


Versions of packages apache2 depends on:
ii  apache2-bin          2.4.53-1~deb11u1
ii  apache2-data         2.4.53-1~deb11u1
ii  apache2-utils        2.4.53-1~deb11u1
ii  dpkg                 1.20.10
ii  init-system-helpers  1.60
ii  lsb-base             11.1.0
ii  mime-support         3.66
ii  perl                 5.32.1-4+deb11u2
ii  procps               2:3.3.17-5


Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1


Versions of packages apache2 suggests:
pn  apache2-doc                                      
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser                                      


Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.0-6+deb11u1
ii  libaprutil1              1.6.1-5
ii  libaprutil1-dbd-sqlite3  1.6.1-5
ii  libaprutil1-ldap         1.6.1-5
ii  libbrotli1               1.0.9-2+b2
ii  libc6                    2.31-13+deb11u3
ii  libcrypt1                1:4.4.18-4
ii  libcurl4                 7.74.0-1.3+deb11u1
ii  libjansson4              2.13.1-1.1
ii  libldap-2.4-2            2.4.57+dfsg-3+deb11u1
ii  liblua5.3-0              5.3.3-1.1+b1
ii  libnghttp2-14            1.43.0-1
ii  libpcre3                 2:8.39-13
ii  libssl1.1                1.1.1n-0+deb11u3
ii  libxml2                  2.9.10+dfsg-6.7+deb11u2
ii  perl                     5.32.1-4+deb11u2
ii  zlib1g                   1:1.2.11.dfsg-2+deb11u1


Versions of packages apache2-bin suggests:
pn  apache2-doc                                      
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser                                      


Versions of packages apache2 is related to:
ii  apache2      2.4.53-1~deb11u1
ii  apache2-bin  2.4.53-1~deb11u1


-- no debconf information
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.54-2
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1014...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing 

Processing of apache2_2.4.54-2_sourceonly.changes

[Debian FTP Masters]

apache2_2.4.54-2_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.54-2.dsc
  apache2_2.4.54-2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Processed: found 1014056 in 2.4.54-1, fixed 1014056 in 2.4.54-3

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 1014056 2.4.54-1
Bug #1014056 [apache2] apache2: /var/run/apache2 permissions too narrow for cgid
Marked as found in versions apache2/2.4.54-1.
> fixed 1014056 2.4.54-3
Bug #1014056 [apache2] apache2: /var/run/apache2 permissions too narrow for cgid
There is no source info for the package 'apache2' at version '2.4.54-3' with 
architecture ''
Unable to make a source version for version '2.4.54-3'
Marked as fixed in versions 2.4.54-3.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1014056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014056
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1014056: apache2: /var/run/apache2 permissions too narrow for cgid

[Yadd]

On 29/06/2022 16:51, MK wrote:

Package: apache2
Version: 2.4.53-1~deb11u1
Severity: minor


Dear Maintainer,


*** Reporter, please consider answering these questions, where appropriate ***


Enabling cgid in apache2 (with a2enmod cgid) results in an error when using 
mpm_event:
     [cgid:error] [pid 8943:tid 140189712234240] (22)Invalid argument: [client 
x.x.x.x:49364] AH01257: unable to connect to cgi daemon after multiple tries: 
/usr/lib/cgi-bin/xx
Meanwhile, the user receives a 503 HTTP error, rather than the CGI content.

Upon launch, Apache creates /var/run/apache2/cgisock.PID (where PID is the PID 
in question), however it does that as the www-data user and root group, who 
does not have write access to /var/run/apache2 (where only the root user has 
write permission).

To fix this, chmod g+rwx /var/run/apache2 fixes the issue.  Since we're only 
adding the root group, this likely has a minimal security effect.

Alternately, the default directive of
     /etc/apache2/mods-available/cgid.conf:    ScriptSock 
${APACHE_RUN_DIR}/cgisock
Should not point to a folder that does not have write access by www-data user 
and a subfolder with more open permission should be created.


Hi,

Thanks for the report. Alternative: I tried to move cgid socket into 
${APACHE_RUN_DIR}/socks/cgisock, created now by apache2ctl and owned by 
www-data 
(https://salsa.debian.org/apache-team/apache2/-/pipelines/395609). Then 
no security changes.


Let's wait for pipeline result

Bug#695835: Projekt

[Dave E. Ramsden]

Mam projekt do omówienia z tobą. Jeśli jesteś zainteresowany, odpowiedz po 
więcej szczegółów, jeśli to możliwe, w języku angielskim.
   
Z poważaniem,
Dave Ramsden
_
Sekretarz: Vanni Gilbert

apache2_2.4.54-1~deb11u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jun 2022 06:26:43 +0200
Source: apache2
Architecture: source
Version: 2.4.54-1~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1010455 1012513
Changes:
 apache2 (2.4.54-1~deb11u1) bullseye; urgency=medium
 .
   [ Yadd ]
   * Fix htcacheclean doc (Closes: #1010455)
 .
   [ Yadd ]
   * New upstream version 2.4.54 (closes: #1012513, CVE-2022-31813,
 CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
 CVE-2022-30522, CVE-2022-30556, CVE-2022-28330)
Checksums-Sha1: 
 a9b12eda05896c39650d6bf2e13a2738c2b118d9 3539 apache2_2.4.54-1~deb11u1.dsc
 5121eed65951d525db5bde8c8997dffa6daa613a 9743277 apache2_2.4.54.orig.tar.gz
 f8c7a962998549f4816a18889555f8fa8b7f771a 874 apache2_2.4.54.orig.tar.gz.asc
 5957f685697fbaebbfa077ad2ae176923240d26b 894208 
apache2_2.4.54-1~deb11u1.debian.tar.xz
Checksums-Sha256: 
 a019ec1ca8130e8fdbde9ee198ed551a114961a32a37b9775d944659bfeaaae5 3539 
apache2_2.4.54-1~deb11u1.dsc
 c687b99c446c0ef345e7d86c21a8e15fc074b7d5152c4fe22b0463e2be346ffb 9743277 
apache2_2.4.54.orig.tar.gz
 d3855dc59d3e6ceaddd6d224aa9a33eef554c2706ccee5894e54f2b229ee800a 874 
apache2_2.4.54.orig.tar.gz.asc
 89189e18b964f58a7943024bb40af782fce654149d11c3be872af6ca73388117 894208 
apache2_2.4.54-1~deb11u1.debian.tar.xz
Files: 
 5648326c781d60301f7c8b6a231538d9 3539 httpd optional 
apache2_2.4.54-1~deb11u1.dsc
 5830f69aeed1f4a00a563862aaf2c67d 9743277 httpd optional 
apache2_2.4.54.orig.tar.gz
 35861f1b441ce88c67ee109b63106ef7 874 httpd optional 
apache2_2.4.54.orig.tar.gz.asc
 7da218147f56f14894ab220f4a8f7f4a 894208 httpd optional 
apache2_2.4.54-1~deb11u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmK/RAcACgkQ9tdMp8mZ
7ukoBxAAiL67H3JqzhKPohCjNgMKrL2kBmWrOt7kb7H7pxUSbU4IjQqWbMOIRvck
Ec6yPDiZN3dfeI8DpR0Hb2tuuloa5VOfXpm0XSWMXtpyCSF5dw7xgNv28JvOgL6v
wvA8CShBrakOXp8kmnYlBzK1V1VI2Sn7ZsborbQnSEuBEH9jUXm/CoRjhB96/LAw
Dd6QUs26PergZpjgeM6OJwFIsN2PX4/JFP44Apfsv0rBFyuuuK8TrB/rGqvFL/N+
n5cJNWUq56b700OdzGHcR/1pTj2cVEnr6qbAo5gX94f2ttiYnt1MAB0AbKb2H5tm
iBTcvnPVRHhKuUi4etlEMpwOP4sQIIQ8W2fBMnQL0VBqd/0nmPsETQwgFZDRcLfu
UGu8a1uX0TyAm2RgZRgvLYnKcOlY79bLPjg/FWs7A/2zjHmjl9RT3GD6WuoAWGjh
cMZkl3AKW6ejwTeyuZ4/jkH/WWEuZlrk3lgLJrSaHG4AVRO6Ta4vN12oFGLWlmtb
aGjSJ0g+sGes9fEGlIITacZL1h03St5lDikRKxQaPVXVli+tdovzd04QhUtffcWQ
6bLncrfNv4hDUdPD7A2HrvbAGOa/JIXzntpmOocNWViWnNq+t/qYX8fcC4TMm4Z7
93FiwlzXI5cF1fR9HjlBAc5EX7m+lkrdOrIaUM1EHo2KfdJ2a8Y=
=Bmzf
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Bug#1012513: marked as done (apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556)

[Debian Bug Tracking System]

Your message dated Sat, 02 Jul 2022 17:17:07 +
with message-id 
and subject line Bug#1012513: fixed in apache2 2.4.54-1~deb11u1
has caused the Debian Bug report #1012513,
regarding apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 
CVE-2022-29404 CVE-2022-30522 CVE-2022-30556
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1012513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2022-31813[0]:
| Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-*
| headers to the origin server based on client side Connection header
| hop-by-hop mechanism. This may be used to bypass IP based
| authentication on the origin server/application.

CVE-2022-26377[1]:
| Inconsistent Interpretation of HTTP Requests ('HTTP Request
| Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
| allows an attacker to smuggle requests to the AJP server it forwards
| requests to. This issue affects Apache HTTP Server Apache HTTP Server
| 2.4 version 2.4.53 and prior versions.

CVE-2022-28614[2]:
| The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may
| read unintended memory if an attacker can cause the server to reflect
| very large input using ap_rwrite() or ap_rputs(), such as with
| mod_luas r:puts() function.

CVE-2022-28615[3]:
| Apache HTTP Server 2.4.53 and earlier may crash or disclose
| information due to a read beyond bounds in ap_strcmp_match() when
| provided with an extremely large input buffer. While no code
| distributed with the server can be coerced into such a call, third-
| party modules or lua scripts that use ap_strcmp_match() may
| hypothetically be affected.

CVE-2022-29404[4]:
| In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua
| script that calls r:parsebody(0) may cause a denial of service due to
| no default limit on possible input size.

CVE-2022-30522[5]:
| If Apache HTTP Server 2.4.53 is configured to do transformations with
| mod_sed in contexts where the input to mod_sed may be very large,
| mod_sed may make excessively large memory allocations and trigger an
| abort.

CVE-2022-30556[6]:
| Apache HTTP Server 2.4.53 and earlier may return lengths to
| applications calling r:wsread() that point past the end of the storage
| allocated for the buffer.

As usual Apache fails to directly identify fixing commits at
https://httpd.apache.org/security/vulnerabilities_24.html

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-31813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
[1] https://security-tracker.debian.org/tracker/CVE-2022-26377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
[2] https://security-tracker.debian.org/tracker/CVE-2022-28614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
[3] https://security-tracker.debian.org/tracker/CVE-2022-28615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
[4] https://security-tracker.debian.org/tracker/CVE-2022-29404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
[5] https://security-tracker.debian.org/tracker/CVE-2022-30522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
[6] https://security-tracker.debian.org/tracker/CVE-2022-30556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.54-1~deb11u1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1012...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED 

Bug#1010455: marked as done (Should apache2.README.Debian refer to apache-htcacheclean ?)

[Debian Bug Tracking System]

Your message dated Sat, 02 Jul 2022 17:17:07 +
with message-id 
and subject line Bug#1010455: fixed in apache2 2.4.54-1~deb11u1
has caused the Debian Bug report #1010455,
regarding Should apache2.README.Debian refer to apache-htcacheclean ?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1010455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
Version: 2.4.53-2
Tags: patch
Severity: minor

Sort of a patch. Refering to 
https://salsa.debian.org/apache-team/apache2/-/blob/master/debian/apache2.README.Debian

Line 193 refers to '/etc/default/apache2'.
Shouldn't that be '/etc/default/apache-htcacheclean' ?

The context is the configuration file for using mod_cache_disk.

--
u34
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.54-1~deb11u1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jun 2022 06:26:43 +0200
Source: apache2
Architecture: source
Version: 2.4.54-1~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1010455 1012513
Changes:
 apache2 (2.4.54-1~deb11u1) bullseye; urgency=medium
 .
   [ Yadd ]
   * Fix htcacheclean doc (Closes: #1010455)
 .
   [ Yadd ]
   * New upstream version 2.4.54 (closes: #1012513, CVE-2022-31813,
 CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
 CVE-2022-30522, CVE-2022-30556, CVE-2022-28330)
Checksums-Sha1: 
 a9b12eda05896c39650d6bf2e13a2738c2b118d9 3539 apache2_2.4.54-1~deb11u1.dsc
 5121eed65951d525db5bde8c8997dffa6daa613a 9743277 apache2_2.4.54.orig.tar.gz
 f8c7a962998549f4816a18889555f8fa8b7f771a 874 apache2_2.4.54.orig.tar.gz.asc
 5957f685697fbaebbfa077ad2ae176923240d26b 894208 
apache2_2.4.54-1~deb11u1.debian.tar.xz
Checksums-Sha256: 
 a019ec1ca8130e8fdbde9ee198ed551a114961a32a37b9775d944659bfeaaae5 3539 
apache2_2.4.54-1~deb11u1.dsc
 c687b99c446c0ef345e7d86c21a8e15fc074b7d5152c4fe22b0463e2be346ffb 9743277 
apache2_2.4.54.orig.tar.gz
 d3855dc59d3e6ceaddd6d224aa9a33eef554c2706ccee5894e54f2b229ee800a 874 
apache2_2.4.54.orig.tar.gz.asc
 89189e18b964f58a7943024bb40af782fce654149d11c3be872af6ca73388117 894208 
apache2_2.4.54-1~deb11u1.debian.tar.xz
Files: 
 5648326c781d60301f7c8b6a231538d9 3539 httpd optional 
apache2_2.4.54-1~deb11u1.dsc
 5830f69aeed1f4a00a563862aaf2c67d 9743277 httpd optional 
apache2_2.4.54.orig.tar.gz
 35861f1b441ce88c67ee109b63106ef7 874 httpd optional 
apache2_2.4.54.orig.tar.gz.asc
 7da218147f56f14894ab220f4a8f7f4a 894208 httpd optional 
apache2_2.4.54-1~deb11u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmK/RAcACgkQ9tdMp8mZ
7ukoBxAAiL67H3JqzhKPohCjNgMKrL2kBmWrOt7kb7H7pxUSbU4IjQqWbMOIRvck
Ec6yPDiZN3dfeI8DpR0Hb2tuuloa5VOfXpm0XSWMXtpyCSF5dw7xgNv28JvOgL6v
wvA8CShBrakOXp8kmnYlBzK1V1VI2Sn7ZsborbQnSEuBEH9jUXm/CoRjhB96/LAw
Dd6QUs26PergZpjgeM6OJwFIsN2PX4/JFP44Apfsv0rBFyuuuK8TrB/rGqvFL/N+
n5cJNWUq56b700OdzGHcR/1pTj2cVEnr6qbAo5gX94f2ttiYnt1MAB0AbKb2H5tm
iBTcvnPVRHhKuUi4etlEMpwOP4sQIIQ8W2fBMnQL0VBqd/0nmPsETQwgFZDRcLfu
UGu8a1uX0TyAm2RgZRgvLYnKcOlY79bLPjg/FWs7A/2zjHmjl9RT3GD6WuoAWGjh
cMZkl3AKW6ejwTeyuZ4/jkH/WWEuZlrk3lgLJrSaHG4AVRO6Ta4vN12oFGLWlmtb
aGjSJ0g+sGes9fEGlIITacZL1h03St5lDikRKxQaPVXVli+tdovzd04QhUtffcWQ
6bLncrfNv4hDUdPD7A2HrvbAGOa/JIXzntpmOocNWViWnNq+t/qYX8fcC4TMm4Z7
93FiwlzXI5cF1fR9HjlBAc5EX7m+lkrdOrIaUM1EHo2KfdJ2a8Y=
=Bmzf
-END PGP SIGNATURE End Message ---

apache2_2.4.54-1~deb11u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new

[Debian FTP Masters]

Mapping bullseye to stable.
Mapping stable to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jun 2022 06:26:43 +0200
Source: apache2
Architecture: source
Version: 2.4.54-1~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1010455 1012513
Changes:
 apache2 (2.4.54-1~deb11u1) bullseye; urgency=medium
 .
   [ Yadd ]
   * Fix htcacheclean doc (Closes: #1010455)
 .
   [ Yadd ]
   * New upstream version 2.4.54 (closes: #1012513, CVE-2022-31813,
 CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
 CVE-2022-30522, CVE-2022-30556, CVE-2022-28330)
Checksums-Sha1: 
 a9b12eda05896c39650d6bf2e13a2738c2b118d9 3539 apache2_2.4.54-1~deb11u1.dsc
 5121eed65951d525db5bde8c8997dffa6daa613a 9743277 apache2_2.4.54.orig.tar.gz
 f8c7a962998549f4816a18889555f8fa8b7f771a 874 apache2_2.4.54.orig.tar.gz.asc
 5957f685697fbaebbfa077ad2ae176923240d26b 894208 
apache2_2.4.54-1~deb11u1.debian.tar.xz
Checksums-Sha256: 
 a019ec1ca8130e8fdbde9ee198ed551a114961a32a37b9775d944659bfeaaae5 3539 
apache2_2.4.54-1~deb11u1.dsc
 c687b99c446c0ef345e7d86c21a8e15fc074b7d5152c4fe22b0463e2be346ffb 9743277 
apache2_2.4.54.orig.tar.gz
 d3855dc59d3e6ceaddd6d224aa9a33eef554c2706ccee5894e54f2b229ee800a 874 
apache2_2.4.54.orig.tar.gz.asc
 89189e18b964f58a7943024bb40af782fce654149d11c3be872af6ca73388117 894208 
apache2_2.4.54-1~deb11u1.debian.tar.xz
Files: 
 5648326c781d60301f7c8b6a231538d9 3539 httpd optional 
apache2_2.4.54-1~deb11u1.dsc
 5830f69aeed1f4a00a563862aaf2c67d 9743277 httpd optional 
apache2_2.4.54.orig.tar.gz
 35861f1b441ce88c67ee109b63106ef7 874 httpd optional 
apache2_2.4.54.orig.tar.gz.asc
 7da218147f56f14894ab220f4a8f7f4a 894208 httpd optional 
apache2_2.4.54-1~deb11u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmK/RAcACgkQ9tdMp8mZ
7ukoBxAAiL67H3JqzhKPohCjNgMKrL2kBmWrOt7kb7H7pxUSbU4IjQqWbMOIRvck
Ec6yPDiZN3dfeI8DpR0Hb2tuuloa5VOfXpm0XSWMXtpyCSF5dw7xgNv28JvOgL6v
wvA8CShBrakOXp8kmnYlBzK1V1VI2Sn7ZsborbQnSEuBEH9jUXm/CoRjhB96/LAw
Dd6QUs26PergZpjgeM6OJwFIsN2PX4/JFP44Apfsv0rBFyuuuK8TrB/rGqvFL/N+
n5cJNWUq56b700OdzGHcR/1pTj2cVEnr6qbAo5gX94f2ttiYnt1MAB0AbKb2H5tm
iBTcvnPVRHhKuUi4etlEMpwOP4sQIIQ8W2fBMnQL0VBqd/0nmPsETQwgFZDRcLfu
UGu8a1uX0TyAm2RgZRgvLYnKcOlY79bLPjg/FWs7A/2zjHmjl9RT3GD6WuoAWGjh
cMZkl3AKW6ejwTeyuZ4/jkH/WWEuZlrk3lgLJrSaHG4AVRO6Ta4vN12oFGLWlmtb
aGjSJ0g+sGes9fEGlIITacZL1h03St5lDikRKxQaPVXVli+tdovzd04QhUtffcWQ
6bLncrfNv4hDUdPD7A2HrvbAGOa/JIXzntpmOocNWViWnNq+t/qYX8fcC4TMm4Z7
93FiwlzXI5cF1fR9HjlBAc5EX7m+lkrdOrIaUM1EHo2KfdJ2a8Y=
=Bmzf
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of apache2_2.4.54-1~deb11u1_sourceonly.changes

[Debian FTP Masters]

apache2_2.4.54-1~deb11u1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.54-1~deb11u1.dsc
  apache2_2.4.54.orig.tar.gz
  apache2_2.4.54.orig.tar.gz.asc
  apache2_2.4.54-1~deb11u1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Bug#1014056: apache2: /var/run/apache2 permissions too narrow for cgid

[MK]

Package: apache2
Version: 2.4.53-1~deb11u1
Severity: minor


Dear Maintainer,


*** Reporter, please consider answering these questions, where appropriate ***


Enabling cgid in apache2 (with a2enmod cgid) results in an error when using 
mpm_event:
    [cgid:error] [pid 8943:tid 140189712234240] (22)Invalid argument: [client 
x.x.x.x:49364] AH01257: unable to connect to cgi daemon after multiple tries: 
/usr/lib/cgi-bin/xx
Meanwhile, the user receives a 503 HTTP error, rather than the CGI content.

Upon launch, Apache creates /var/run/apache2/cgisock.PID (where PID is the PID 
in question), however it does that as the www-data user and root group, who 
does not have write access to /var/run/apache2 (where only the root user has 
write permission).

To fix this, chmod g+rwx /var/run/apache2 fixes the issue.  Since we're only 
adding the root group, this likely has a minimal security effect.

Alternately, the default directive of
    /etc/apache2/mods-available/cgid.conf:    ScriptSock 
${APACHE_RUN_DIR}/cgisock
Should not point to a folder that does not have write access by www-data user 
and a subfolder with more open permission should be created.

-- Package-specific info:


-- System Information:
Debian Release: 11.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)


Kernel: Linux 5.10.0-15-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


Versions of packages apache2 depends on:
ii  apache2-bin          2.4.53-1~deb11u1
ii  apache2-data         2.4.53-1~deb11u1
ii  apache2-utils        2.4.53-1~deb11u1
ii  dpkg                 1.20.10
ii  init-system-helpers  1.60
ii  lsb-base             11.1.0
ii  mime-support         3.66
ii  perl                 5.32.1-4+deb11u2
ii  procps               2:3.3.17-5


Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1


Versions of packages apache2 suggests:
pn  apache2-doc                                      
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser                                      


Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.0-6+deb11u1
ii  libaprutil1              1.6.1-5
ii  libaprutil1-dbd-sqlite3  1.6.1-5
ii  libaprutil1-ldap         1.6.1-5
ii  libbrotli1               1.0.9-2+b2
ii  libc6                    2.31-13+deb11u3
ii  libcrypt1                1:4.4.18-4
ii  libcurl4                 7.74.0-1.3+deb11u1
ii  libjansson4              2.13.1-1.1
ii  libldap-2.4-2            2.4.57+dfsg-3+deb11u1
ii  liblua5.3-0              5.3.3-1.1+b1
ii  libnghttp2-14            1.43.0-1
ii  libpcre3                 2:8.39-13
ii  libssl1.1                1.1.1n-0+deb11u3
ii  libxml2                  2.9.10+dfsg-6.7+deb11u2
ii  perl                     5.32.1-4+deb11u2
ii  zlib1g                   1:1.2.11.dfsg-2+deb11u1


Versions of packages apache2-bin suggests:
pn  apache2-doc                                      
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser                                      


Versions of packages apache2 is related to:
ii  apache2      2.4.53-1~deb11u1
ii  apache2-bin  2.4.53-1~deb11u1


-- no debconf information

Uproszczenie obiegu dokumentacji

[Małgorzata Piwońska]

Dzień dobry,

zastanawiali się Państwo  nad wdrożeniem systemu, który gromadzi całą 
korespondencję firmową w jednym miejscu?

Korzystając z jednej, wspólnej firmowej bazy dokumentów, obiegu faktur, umów, 
realizowanych zadań oraz kontaktów i treści e-maili usprawniacie Państwo 
kontakt z Klientem i obsługę projektów. Rozwiązanie pozwala przyspieszyć 
wykonywanie codziennych procesów w środowisku Ms Outlook. 

Chętnie przedstawię, jak takie rozwiązanie sprawdzi się w Państwa firmie. Mogę 
zadzwonić i opowiedzieć o szczegółach?


Pozdrawiam,
Małgorzata Piwońska
Area Manager

Re: apache2 update for next buster point release?

[Roberto C . Sánchez]

On Tue, Jun 21, 2022 at 09:44:37AM +0200, Emilio Pozuelo Monfort wrote:
> Hi Roberto,
> 
> On 20/06/2022 22:30, Roberto C. Sánchez wrote:
> > Hello Release Managers,
> > 
> > I have been working on updating apache2 for stretch.  Most of the open
> > CVEs affect both the stretch and buster versions of apache2 (in addition
> > to the bullseye version).  For the buster/bullseye the CVEs have mostly
> > been marked " (Minor issue; can be fixed in point release)".
> > 
> > Since buster will shortly transition to LTS, it seems likely that we
> > will want an update of apache2 in the final buster point release prior
> > to the LTS transition.  The info at release.debian.org indicates that a
> > buster point release is planned for mid-June, which makes me think one
> > could be scheduled anytime.
> 
> The final point release is likely to happen in August.
> 
> > I backported the patches for the CVEs fixed upstream in versions 2.4.53
> > and 2.4.54 and I am proposing an upload as described by the attached
> > debdiff.  Please let me know if this would be acceptable.  If so, I will
> > file the appropriate bug in the BTS and then proceed with the upload.
> 
> Please file a buster-pu bug so that the reviews can take place there.
> Otherwise this may get lost.
> 
> Also please mention (in that bug) what the risk of regressions is, what kind
> of testing you have done (e.g. manual testing, test suite, autopkgtests...).
> 
Thanks for the pointer.  I will do as you suggest.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: apache2 update for next buster point release?

[Emilio Pozuelo Monfort]

Hi Roberto,

On 20/06/2022 22:30, Roberto C. Sánchez wrote:

Hello Release Managers,

I have been working on updating apache2 for stretch.  Most of the open
CVEs affect both the stretch and buster versions of apache2 (in addition
to the bullseye version).  For the buster/bullseye the CVEs have mostly
been marked " (Minor issue; can be fixed in point release)".

Since buster will shortly transition to LTS, it seems likely that we
will want an update of apache2 in the final buster point release prior
to the LTS transition.  The info at release.debian.org indicates that a
buster point release is planned for mid-June, which makes me think one
could be scheduled anytime.


The final point release is likely to happen in August.


I backported the patches for the CVEs fixed upstream in versions 2.4.53
and 2.4.54 and I am proposing an upload as described by the attached
debdiff.  Please let me know if this would be acceptable.  If so, I will
file the appropriate bug in the BTS and then proceed with the upload.


Please file a buster-pu bug so that the reviews can take place there. Otherwise 
this may get lost.


Also please mention (in that bug) what the risk of regressions is, what kind of 
testing you have done (e.g. manual testing, test suite, autopkgtests...).


Cheers,
Emilio

apache2 update for next buster point release?

[Roberto C . Sánchez]

Hello Release Managers,

I have been working on updating apache2 for stretch.  Most of the open
CVEs affect both the stretch and buster versions of apache2 (in addition
to the bullseye version).  For the buster/bullseye the CVEs have mostly
been marked " (Minor issue; can be fixed in point release)".

Since buster will shortly transition to LTS, it seems likely that we
will want an update of apache2 in the final buster point release prior
to the LTS transition.  The info at release.debian.org indicates that a
buster point release is planned for mid-June, which makes me think one
could be scheduled anytime.

I backported the patches for the CVEs fixed upstream in versions 2.4.53
and 2.4.54 and I am proposing an upload as described by the attached
debdiff.  Please let me know if this would be acceptable.  If so, I will
file the appropriate bug in the BTS and then proceed with the upload.

Regards,

-Roberto

P.S. I am not subscribed to either debian-release or debian-apache, so
CCs would be appreciated.

-- 
Roberto C. Sánchez
diff -Nru apache2-2.4.38/debian/changelog apache2-2.4.38/debian/changelog
--- apache2-2.4.38/debian/changelog 2021-12-21 11:50:43.0 -0500
+++ apache2-2.4.38/debian/changelog 2022-06-20 15:03:00.0 -0400
@@ -1,3 +1,20 @@
+apache2 (2.4.38-3+deb10u8) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2022-22719: denial of service in mod_lua via crafted request body.
+  * CVE-2022-22720: HTTP request smuggling.
+  * CVE-2022-22721: integer overflow leading to buffer overflow write.
+  * CVE-2022-23943: heap memory overwrite via crafted data in mod_sed.
+  * CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
+  * CVE-2022-28614: read beyond bounds via ap_rwrite().
+  * CVE-2022-28615: Read beyond bounds in ap_strcmp_match().
+  * CVE-2022-29404: Denial of service in mod_lua r:parsebody.
+  * CVE-2022-30522: mod_sed denial of service.
+  * CVE-2022-30556: Information Disclosure in mod_lua with websockets.
+  * CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
+
+ -- Roberto C. Sánchez   Mon, 20 Jun 2022 15:03:00 -0400
+
 apache2 (2.4.38-3+deb10u7) buster-security; urgency=medium
 
   * Fix possible NULL dereference or SSRF in forward proxy configurations
diff -Nru apache2-2.4.38/debian/patches/CVE-2022-22719.patch 
apache2-2.4.38/debian/patches/CVE-2022-22719.patch
--- apache2-2.4.38/debian/patches/CVE-2022-22719.patch  1969-12-31 
19:00:00.0 -0500
+++ apache2-2.4.38/debian/patches/CVE-2022-22719.patch  2022-06-20 
15:03:00.0 -0400
@@ -0,0 +1,95 @@
+From 1b96582269d9ec7c82ee0fea1f67934e4b8176ad Mon Sep 17 00:00:00 2001
+From: Yann Ylavic 
+Date: Mon, 7 Mar 2022 14:51:19 +
+Subject: [PATCH] mod_lua: Error out if lua_read_body() or lua_write_body()
+ fail.
+
+Otherwise r:requestbody() or r:parsebody() failures might go unnoticed for
+the user.
+
+
+Merge r1898689 from trunk.
+Submitted by: rpluem
+Reviewed by: rpluem, covener, ylavic
+
+
+git-svn-id: 
https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1898694 
13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/lua/lua_request.c | 33 -
+ 1 file changed, 20 insertions(+), 13 deletions(-)
+
+diff --git a/modules/lua/lua_request.c b/modules/lua/lua_request.c
+index 493b2bb431..1eab7b6a47 100644
+--- a/modules/lua/lua_request.c
 b/modules/lua/lua_request.c
+@@ -235,14 +235,16 @@ static int lua_read_body(request_rec *r, const char 
**rbuf, apr_off_t *size,
+ {
+ int rc = OK;
+ 
++*rbuf = NULL;
++*size = 0;
++
+ if ((rc = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR))) {
+ return (rc);
+ }
+ if (ap_should_client_block(r)) {
+ 
+ /**/
+-char argsbuffer[HUGE_STRING_LEN];
+-apr_off_trsize, len_read, rpos = 0;
++apr_off_tlen_read, rpos = 0;
+ apr_off_t length = r->remaining;
+ /**/
+ 
+@@ -250,18 +252,18 @@ static int lua_read_body(request_rec *r, const char 
**rbuf, apr_off_t *size,
+ return APR_EINCOMPLETE; /* Only room for incomplete data chunk :( 
*/
+ }
+ *rbuf = (const char *) apr_pcalloc(r->pool, (apr_size_t) (length + 
1));
+-*size = length;
+-while ((len_read = ap_get_client_block(r, argsbuffer, 
sizeof(argsbuffer))) > 0) {
+-if ((rpos + len_read) > length) {
+-rsize = length - rpos;
+-}
+-else {
+-rsize = len_read;
+-}
+-
+-memcpy((char *) *rbuf + rpos, argsbuffer, (size_t) rsize);
+-rpos += rsize;
++while ((rpos < length)
++   && (len_read = ap_get_client_block(r, (char *) *rbuf + rpos,
++   length - rpos)) > 0) {
++rpos += len_read;
++}
++if (len_read < 0) {
++return APR_EINCOMPLETE;
+ }

Bug#842676: Buenas tardes como puedo solucionar el problema de apache 2?

[manuel flores]

Obtener Outlook para Android

Bugs for Ruby Fox ;3

[rost gor]

The fox is a little underworked, it would be interesting if he would get more 
attention and love.It will be cool if this mail turns out to be the work of the 
givers, and not your second.I think you know who wrote it :3

apache2_2.4.54-1_sourceonly.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jun 2022 06:33:53 +0200
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.54-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1010455 1012513
Changes:
 apache2 (2.4.54-1) unstable; urgency=medium
 .
   [ Simon Deziel ]
   * Escape literal "." for BrowserMatch directives in setenvif.conf
   * Use non-capturing regex with FilesMatch directive in default-ssl.conf
 .
   [ Ondřej Surý ]
   * New upstream version 2.4.54 (Closes: #1012513, CVE-2022-31813,
 CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
 CVE-2022-30522, CVE-2022-30556, CVE-2022-28330)
 .
   [ Yadd ]
   * Fix htcacheclean doc (Closes: #1010455)
   * New upstream version 2.4.54
Checksums-Sha1: 
 ab83430595284de35a09b4925ff02d25f0c59836 3488 apache2_2.4.54-1.dsc
 5121eed65951d525db5bde8c8997dffa6daa613a 9743277 apache2_2.4.54.orig.tar.gz
 f8c7a962998549f4816a18889555f8fa8b7f771a 874 apache2_2.4.54.orig.tar.gz.asc
 c3d54fc0133d051edc03cfd9366022c62e41208e 899680 apache2_2.4.54-1.debian.tar.xz
Checksums-Sha256: 
 6638ab251c44e19013fbeef8616adf60fd82e71fc62b59ed950e4920e4dfcafd 3488 
apache2_2.4.54-1.dsc
 c687b99c446c0ef345e7d86c21a8e15fc074b7d5152c4fe22b0463e2be346ffb 9743277 
apache2_2.4.54.orig.tar.gz
 d3855dc59d3e6ceaddd6d224aa9a33eef554c2706ccee5894e54f2b229ee800a 874 
apache2_2.4.54.orig.tar.gz.asc
 a9b19fbb49ba9540dc5004a537cad3c70eb05448076f55544592844a7d6e0cfd 899680 
apache2_2.4.54-1.debian.tar.xz
Files: 
 71f12c8f92422781eaefc68f56367ea0 3488 httpd optional apache2_2.4.54-1.dsc
 5830f69aeed1f4a00a563862aaf2c67d 9743277 httpd optional 
apache2_2.4.54.orig.tar.gz
 35861f1b441ce88c67ee109b63106ef7 874 httpd optional 
apache2_2.4.54.orig.tar.gz.asc
 f13ba4968c990a764664cdfd2a69a808 899680 httpd optional 
apache2_2.4.54-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmKheQwACgkQ9tdMp8mZ
7unuEQ//Uc6nlVALQPXVfl4TbGDfnBV6/tphfDz6BVWXwtXgoors/LCEIz0wqJCf
nqmFmttTbqWp9zz65SFjN1nYcs2m8AhMDQBjEYkHvfi2hcsGmfBSBjVGCJzPi2Cg
qKtx70i8v9Psm5Y6+UV/4LNlnCX+wCHFtLAeTFE8H9/3m8xsPc7kRsbK/pJYcit5
Fo7XZ3djflWTR2cUUAGToHZTb23dVNhEZQFcpBpMdxo3wAgJm+3rMSamb0e070jm
vsJiifY0QY/a3uRVeJeiZq5zykfQxr6FBoQ97Q79/FIGV0YI+tg96Fxph/vISJ3B
/fS8JgoeIOy5SI5+tOF4/D+/bRhvskwL7swL7Lk8n/Jff6ruFafAL2x+//IMunOq
Xdpixj5PdgwXq80fmwH/EWzFl77iSjosGTITgVkp9r1SdtumoxM1pkM3GukaZ/ev
0D8Q7iAXXejYQHD6Q7fv7InYdQLa9IjhUuqzCi7u6sIr+d0kuw6mb+A5CSz4toQd
SUkHozlF7gzU7m3u4afbBLDAR1WCqZKjRWmcDIsc+wJVRWDkpIzmEHqPqE05dn4f
tSqA5p5WKGdOJd4CXxMrpx654a7itmYllK1AgqSH0fykUciDKYyWP61AAL2oinP2
UDSE8GSjA2MK7z+Zg/WEL7eKJlqBkTltDByFpH6xMluPiZTUQRY=
=pJbP
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Bug#1010455: marked as done (Should apache2.README.Debian refer to apache-htcacheclean ?)

[Debian Bug Tracking System]

Your message dated Thu, 09 Jun 2022 05:03:55 +
with message-id 
and subject line Bug#1010455: fixed in apache2 2.4.54-1
has caused the Debian Bug report #1010455,
regarding Should apache2.README.Debian refer to apache-htcacheclean ?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1010455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
Version: 2.4.53-2
Tags: patch
Severity: minor

Sort of a patch. Refering to 
https://salsa.debian.org/apache-team/apache2/-/blob/master/debian/apache2.README.Debian

Line 193 refers to '/etc/default/apache2'.
Shouldn't that be '/etc/default/apache-htcacheclean' ?

The context is the configuration file for using mod_cache_disk.

--
u34
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.54-1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jun 2022 06:33:53 +0200
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.54-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1010455 1012513
Changes:
 apache2 (2.4.54-1) unstable; urgency=medium
 .
   [ Simon Deziel ]
   * Escape literal "." for BrowserMatch directives in setenvif.conf
   * Use non-capturing regex with FilesMatch directive in default-ssl.conf
 .
   [ Ondřej Surý ]
   * New upstream version 2.4.54 (Closes: #1012513, CVE-2022-31813,
 CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
 CVE-2022-30522, CVE-2022-30556, CVE-2022-28330)
 .
   [ Yadd ]
   * Fix htcacheclean doc (Closes: #1010455)
   * New upstream version 2.4.54
Checksums-Sha1: 
 ab83430595284de35a09b4925ff02d25f0c59836 3488 apache2_2.4.54-1.dsc
 5121eed65951d525db5bde8c8997dffa6daa613a 9743277 apache2_2.4.54.orig.tar.gz
 f8c7a962998549f4816a18889555f8fa8b7f771a 874 apache2_2.4.54.orig.tar.gz.asc
 c3d54fc0133d051edc03cfd9366022c62e41208e 899680 apache2_2.4.54-1.debian.tar.xz
Checksums-Sha256: 
 6638ab251c44e19013fbeef8616adf60fd82e71fc62b59ed950e4920e4dfcafd 3488 
apache2_2.4.54-1.dsc
 c687b99c446c0ef345e7d86c21a8e15fc074b7d5152c4fe22b0463e2be346ffb 9743277 
apache2_2.4.54.orig.tar.gz
 d3855dc59d3e6ceaddd6d224aa9a33eef554c2706ccee5894e54f2b229ee800a 874 
apache2_2.4.54.orig.tar.gz.asc
 a9b19fbb49ba9540dc5004a537cad3c70eb05448076f55544592844a7d6e0cfd 899680 
apache2_2.4.54-1.debian.tar.xz
Files: 
 71f12c8f92422781eaefc68f56367ea0 3488 httpd optional apache2_2.4.54-1.dsc
 5830f69aeed1f4a00a563862aaf2c67d 9743277 httpd optional 
apache2_2.4.54.orig.tar.gz
 35861f1b441ce88c67ee109b63106ef7 874 httpd optional 
apache2_2.4.54.orig.tar.gz.asc
 f13ba4968c990a764664cdfd2a69a808 899680 httpd optional 
apache2_2.4.54-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmKheQwACgkQ9tdMp8mZ
7unuEQ//Uc6nlVALQPXVfl4TbGDfnBV6/tphfDz6BVWXwtXgoors/LCEIz0wqJCf
nqmFmttTbqWp9zz65SFjN1nYcs2m8AhMDQBjEYkHvfi2hcsGmfBSBjVGCJzPi2Cg
qKtx70i8v9Psm5Y6+UV/4LNlnCX+wCHFtLAeTFE8H9/3m8xsPc7kRsbK/pJYcit5
Fo7XZ3djflWTR2cUUAGToHZTb23dVNhEZQFcpBpMdxo3wAgJm+3rMSamb0e070jm
vsJiifY0QY/a3uRVeJeiZq5zykfQxr6FBoQ97Q79/FIGV0YI+tg96Fxph/vISJ3B
/fS8JgoeIOy5SI5+tOF4/D+/bRhvskwL7swL7Lk8n/Jff6ruFafAL2x+//IMunOq
Xdpixj5PdgwXq80fmwH/EWzFl77iSjosGTITgVkp9r1SdtumoxM1pkM3GukaZ/ev
0D8Q7iAXXejYQHD6Q7fv7InYdQLa9IjhUuqzCi7u6sIr+d0kuw6mb+A5CSz4toQd
SUkHozlF7gzU7m3u4afbBLDAR1WCqZKjRWmcDIsc+wJVRWDkpIzmEHqPqE05dn4f
tSqA5p5WKGdOJd4CXxMrpx654a7itmYllK1AgqSH0fykUciDKYyWP61AAL2oinP2
UDSE8GSjA2MK7z+Zg/WEL7eKJlqBkTltDByFpH6xMluPiZTUQRY=
=pJbP
-END PGP SIGNATURE End Message ---

Bug#1012513: marked as done (apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556)

[Debian Bug Tracking System]

Your message dated Thu, 09 Jun 2022 05:03:55 +
with message-id 
and subject line Bug#1012513: fixed in apache2 2.4.54-1
has caused the Debian Bug report #1012513,
regarding apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 
CVE-2022-29404 CVE-2022-30522 CVE-2022-30556
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1012513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2022-31813[0]:
| Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-*
| headers to the origin server based on client side Connection header
| hop-by-hop mechanism. This may be used to bypass IP based
| authentication on the origin server/application.

CVE-2022-26377[1]:
| Inconsistent Interpretation of HTTP Requests ('HTTP Request
| Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
| allows an attacker to smuggle requests to the AJP server it forwards
| requests to. This issue affects Apache HTTP Server Apache HTTP Server
| 2.4 version 2.4.53 and prior versions.

CVE-2022-28614[2]:
| The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may
| read unintended memory if an attacker can cause the server to reflect
| very large input using ap_rwrite() or ap_rputs(), such as with
| mod_luas r:puts() function.

CVE-2022-28615[3]:
| Apache HTTP Server 2.4.53 and earlier may crash or disclose
| information due to a read beyond bounds in ap_strcmp_match() when
| provided with an extremely large input buffer. While no code
| distributed with the server can be coerced into such a call, third-
| party modules or lua scripts that use ap_strcmp_match() may
| hypothetically be affected.

CVE-2022-29404[4]:
| In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua
| script that calls r:parsebody(0) may cause a denial of service due to
| no default limit on possible input size.

CVE-2022-30522[5]:
| If Apache HTTP Server 2.4.53 is configured to do transformations with
| mod_sed in contexts where the input to mod_sed may be very large,
| mod_sed may make excessively large memory allocations and trigger an
| abort.

CVE-2022-30556[6]:
| Apache HTTP Server 2.4.53 and earlier may return lengths to
| applications calling r:wsread() that point past the end of the storage
| allocated for the buffer.

As usual Apache fails to directly identify fixing commits at
https://httpd.apache.org/security/vulnerabilities_24.html

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-31813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
[1] https://security-tracker.debian.org/tracker/CVE-2022-26377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
[2] https://security-tracker.debian.org/tracker/CVE-2022-28614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
[3] https://security-tracker.debian.org/tracker/CVE-2022-28615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
[4] https://security-tracker.debian.org/tracker/CVE-2022-29404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
[5] https://security-tracker.debian.org/tracker/CVE-2022-30522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
[6] https://security-tracker.debian.org/tracker/CVE-2022-30556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.54-1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1012...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: 

Processing of apache2_2.4.54-1_sourceonly.changes

[Debian FTP Masters]

apache2_2.4.54-1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.54-1.dsc
  apache2_2.4.54.orig.tar.gz
  apache2_2.4.54.orig.tar.gz.asc
  apache2_2.4.54-1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Processed: tagging 1012513, found 1012513 in 2.4.53-2

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1012513 + upstream
Bug #1012513 [src:apache2] apache2: CVE-2022-31813 CVE-2022-26377 
CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556
Added tag(s) upstream.
> found 1012513 2.4.53-2
Bug #1012513 [src:apache2] apache2: CVE-2022-31813 CVE-2022-26377 
CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556
Marked as found in versions apache2/2.4.53-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1012513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

[Moritz Muehlenhoff]

On Wed, Jun 08, 2022 at 07:51:28PM +0200, Yadd wrote:
> Hi,
> 
> those CVEs are tagged low/moderate by upstream, why did you tag this bug as 
> grave ?

Anything moderate or above should get fixed by the next Debian release IOW RC 
severity.

Cheers,
Moritz

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

[Yadd]

Hi,

those CVEs are tagged low/moderate by upstream, why did you tag this bug as 
grave ?

Cheers,
Yadd

Le Mercredi, Juin 08, 2022 17:49 CEST, Moritz Mühlenhoff  a 
écrit:

> Source: apache2
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for apache2.
>
> CVE-2022-31813[0]:
> | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-*
> | headers to the origin server based on client side Connection header
> | hop-by-hop mechanism. This may be used to bypass IP based
> | authentication on the origin server/application.
>
> CVE-2022-26377[1]:
> | Inconsistent Interpretation of HTTP Requests ('HTTP Request
> | Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
> | allows an attacker to smuggle requests to the AJP server it forwards
> | requests to. This issue affects Apache HTTP Server Apache HTTP Server
> | 2.4 version 2.4.53 and prior versions.
>
> CVE-2022-28614[2]:
> | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may
> | read unintended memory if an attacker can cause the server to reflect
> | very large input using ap_rwrite() or ap_rputs(), such as with
> | mod_luas r:puts() function.
>
> CVE-2022-28615[3]:
> | Apache HTTP Server 2.4.53 and earlier may crash or disclose
> | information due to a read beyond bounds in ap_strcmp_match() when
> | provided with an extremely large input buffer. While no code
> | distributed with the server can be coerced into such a call, third-
> | party modules or lua scripts that use ap_strcmp_match() may
> | hypothetically be affected.
>
> CVE-2022-29404[4]:
> | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua
> | script that calls r:parsebody(0) may cause a denial of service due to
> | no default limit on possible input size.
>
> CVE-2022-30522[5]:
> | If Apache HTTP Server 2.4.53 is configured to do transformations with
> | mod_sed in contexts where the input to mod_sed may be very large,
> | mod_sed may make excessively large memory allocations and trigger an
> | abort.
>
> CVE-2022-30556[6]:
> | Apache HTTP Server 2.4.53 and earlier may return lengths to
> | applications calling r:wsread() that point past the end of the storage
> | allocated for the buffer.
>
> As usual Apache fails to directly identify fixing commits at
> https://httpd.apache.org/security/vulnerabilities_24.html
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-31813
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
> [1] https://security-tracker.debian.org/tracker/CVE-2022-26377
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
> [2] https://security-tracker.debian.org/tracker/CVE-2022-28614
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
> [3] https://security-tracker.debian.org/tracker/CVE-2022-28615
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
> [4] https://security-tracker.debian.org/tracker/CVE-2022-29404
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
> [5] https://security-tracker.debian.org/tracker/CVE-2022-30522
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
> [6] https://security-tracker.debian.org/tracker/CVE-2022-30556
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
>
> Please adjust the affected versions in the BTS as needed.
>

Bug#790943: Root and local certificate location clash

[Sergey Ponomarev]

You made a very good investigation on the topic.

I agree that a public cert shouldn't be placed into the same folder as
CA certs. There is some mention of a weird bug
https://serverfault.com/a/840191/442430
Instead I think that both private key and cert should be merged into a
one file and placed into /etc/ssl/private/.
It looks like there were a lot of discussions but we didn't come to a
single agreement about the place to store certs and how to manage
them.
Please read my proposition here
https://github.com/certbot/certbot/issues/1425#issuecomment-1150116062
I'll appreciate any feedback.

Regards,
Sergey Ponomarev, stokito.com

Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556

[Moritz Mühlenhoff]

Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2022-31813[0]:
| Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-*
| headers to the origin server based on client side Connection header
| hop-by-hop mechanism. This may be used to bypass IP based
| authentication on the origin server/application.

CVE-2022-26377[1]:
| Inconsistent Interpretation of HTTP Requests ('HTTP Request
| Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
| allows an attacker to smuggle requests to the AJP server it forwards
| requests to. This issue affects Apache HTTP Server Apache HTTP Server
| 2.4 version 2.4.53 and prior versions.

CVE-2022-28614[2]:
| The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may
| read unintended memory if an attacker can cause the server to reflect
| very large input using ap_rwrite() or ap_rputs(), such as with
| mod_luas r:puts() function.

CVE-2022-28615[3]:
| Apache HTTP Server 2.4.53 and earlier may crash or disclose
| information due to a read beyond bounds in ap_strcmp_match() when
| provided with an extremely large input buffer. While no code
| distributed with the server can be coerced into such a call, third-
| party modules or lua scripts that use ap_strcmp_match() may
| hypothetically be affected.

CVE-2022-29404[4]:
| In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua
| script that calls r:parsebody(0) may cause a denial of service due to
| no default limit on possible input size.

CVE-2022-30522[5]:
| If Apache HTTP Server 2.4.53 is configured to do transformations with
| mod_sed in contexts where the input to mod_sed may be very large,
| mod_sed may make excessively large memory allocations and trigger an
| abort.

CVE-2022-30556[6]:
| Apache HTTP Server 2.4.53 and earlier may return lengths to
| applications calling r:wsread() that point past the end of the storage
| allocated for the buffer.

As usual Apache fails to directly identify fixing commits at
https://httpd.apache.org/security/vulnerabilities_24.html

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-31813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
[1] https://security-tracker.debian.org/tracker/CVE-2022-26377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
[2] https://security-tracker.debian.org/tracker/CVE-2022-28614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
[3] https://security-tracker.debian.org/tracker/CVE-2022-28615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
[4] https://security-tracker.debian.org/tracker/CVE-2022-29404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
[5] https://security-tracker.debian.org/tracker/CVE-2022-30522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
[6] https://security-tracker.debian.org/tracker/CVE-2022-30556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556

Please adjust the affected versions in the BTS as needed.

Project of System

[Viljar Bodvar]

Hello,

Are you affected by limited local resources or service capability disrupted by 
war? You want to work with an experienced company from the European Union?

Dynamic software company, since 2011 on the market, with over 100 software 
engineers opens for new work. We usually work with EMEA banking, fin-tech, 
media and insurance. We are open to working as white label.

Our area of expertise covers:
- Custom web and mobile applications
- Business toolkit: BPM, Document Managements Systems ,Workflow, Business 
Intelligence, Enterprise Content Management, Document Portals and Document 
Generation, etc.
- Digital transformation & application enhancement
- Digital native projects / green field
- System integrations including open integration platform
- DevOps Support
- Manual and Automated Testing

What works very well for our customers in Germany and the UK is offering the 
service capability.  Looking from the customer perspective he/she receives at 
least one dedicated person but the work itself can be delivered by many people 
to ensure that the job would be accomplished as fast as possible.

So even if the contract is let's say for only up to 168 hours per month (the 
equivalent of one person) this can be delivered by more than one person. You 
can easily scale up or down where necessary.

Our most used stack for digital transformation is as below:

Backend: Apache Tomcat 9, Elasticsearch 7, Gradle 7, Kibana 7, Logstash 7, 
Apache Commons Lang 3, Apache Commons IO 2, Apache Commons Text 1, Apache 
PdfBox 2, Bouncy Castle OpenPGP API 1, Exchange Web Services Java API 2, Flyway 
8, Hibernate 5, IText Core 5, JAX WS API 2, Log4j2 2, Opencsv 5, Spring Boot 2, 
Thymeleaf 3

Frontend : Angular 13, Angular Material 13, File-saver 2, Hammerjs 2, Lodash 4, 
NgxSpinner 12, RxJS 7, Tailwindcss 2, Tslib 2, Zone.js 0.11

I hope to hear from you soon!.


Best regards

Viljar Bodvar

Bug#1012358: apache2: apache on Debian is several times slower than on other distros, according to Phoronix

[Fabio Pedretti]

Related Ubuntu bug:
https://bugs.launchpad.net/debian/+source/apache2/+bug/1977687

Bug#1012358: apache2: apache on Debian is several times slower than on other distros, according to Phoronix

[Fabio Pedretti]

Package: apache2
Severity: normal
X-Debbugs-Cc: pedretti.fa...@gmail.com

Dear Maintainer,

according to this recent Phoronix test apache on Debian is several times
slower than on other distros:
https://www.phoronix.com/scan.php?page=article=h1-2022-linux=7

It is not entirely clear how the test was performed, and given the test
says version is 2.4.48 it may be using a custom build apache version and
not the Debian package.

Also it may be an issue not strictly related to apache, since that test
shows that other tests are also a lot slower on Debian.

Nonetheless, given that apache is a common work usage on Debian, I
report this issue in case someone has interest in checking what's going
on.

Thanks.

Bug#1000627: apache2: missing dependency setting

[Michael Biebl]

Binding to a specific interface is not the default Apache or OpenSSH 
configuration.


It can thus be argued that if the bug reporter want's to run such a 
configuration he can easily create a corresponding drop-in via

systemctl edit apache2.service
or
systemctl edit ssh.service

containing

[Unit]
Wants=network-online.target
After=network-online.target


I'd like to refer to https://systemd.io/NETWORK_ONLINE/ as well.
Especially to "Should network-online.target be used?" which suggest 
better and more robust options then using network-online.target


Regards,
Michael


OpenPGP_signature
Description: OpenPGP digital signature

Zagospodarowanie miejsc magazynowych

[Marek Pozyrewski]

Dzień dobry, 

czy interesują Państwo regały magazynowe, które pozwolą odpowiednio 
zagospodarować i całościowo wykorzystać przestrzeń hali? 

Kontaktuję się ponieważ mogę zaproponować Państwu wytrzymałe i stabilne regały, 
szafy oraz pojemniki, a także skrzyniopalety i kontenery samowyładowcze.

Jeżeli zależy Państwu na bezpiecznym i wygodnym składowaniu towarów, produktów 
i półfabrykatów, nasze rozwiązania zagwarantują firmie efektywne wykorzystanie 
dostępnej przestrzeni.

Ze swojej strony zapewniamy transport oraz długoletnią gwarancję.
 
Czy byliby Państwo zainteresowani wstępną wyceną? 


Pozdrawiam
Marek Pozyrewski

Re: Dependancy broken on apache2-dev with libldap-2.4-2 (libaprutil1-dev)

[Yadd]

Le Lundi, Mai 30, 2022 10:34 CEST, Vincent GUESNARD 
 a écrit:
> Hello,
>
> First, thanks you very much for all you did and do for Apache2, it's a real 
> amazing job.
>
> It's my first report, so i apologize if it's not < the good manner >.
>
> This security release : 
> https://tracker.debian.org/news/1326206/accepted-openldap-2457dfsg-3deb11u1-source-into-stable-security-embargoed-stable-security/
>  has broken apache2-dev by broking libaprutil1-dev
>
> apt install -f  apache2-dev
> Reading package lists... Done
> Building dependency tree... Done
> Reading state information... Done
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> The following packages have unmet dependencies:
> libldap2-dev : Depends: libldap-2.4-2 (= 2.4.57+dfsg-3) but 
> 2.4.57+dfsg-3+deb11u1 is to be installed
> E: Unable to correct problems, you have held broken packages.

Hi,

1 - problem is in openldap only (fixed dependency between 2 openldap packages)
2 - this will be automatically fixed when package will be published: 
libldap-2.4 will be updated in the same time than libldap2-dev

Cheers,
Yadd

> I don't know who must be warn so i warn on 
> debian-apache@lists.debian.org hoping 
> it will be handled by the good maintainer.
>
> Nothing urgent or serious since there is a simple temporary workarround by 
> holding  2.4.57+dfsg-3+deb11u1
>
> Thanks you,
>
> Kind regards,
>
> Vincent
>
>

Dependancy broken on apache2-dev with libldap-2.4-2 (libaprutil1-dev)

[Vincent GUESNARD]

Hello,

First, thanks you very much for all you did and do for Apache2, it's a real 
amazing job.

It's my first report, so i apologize if it's not < the good manner >.

This security release : 
https://tracker.debian.org/news/1326206/accepted-openldap-2457dfsg-3deb11u1-source-into-stable-security-embargoed-stable-security/
 has broken apache2-dev by broking libaprutil1-dev

apt install -f  apache2-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libldap2-dev : Depends: libldap-2.4-2 (= 2.4.57+dfsg-3) but 
2.4.57+dfsg-3+deb11u1 is to be installed
E: Unable to correct problems, you have held broken packages.

I don't know who must be warn so i warn on 
debian-apache@lists.debian.org hoping it 
will be handled by the good maintainer.

Nothing urgent or serious since there is a simple temporary workarround by 
holding  2.4.57+dfsg-3+deb11u1

Thanks you,

Kind regards,

Vincent

apr is marked for autoremoval from testing

[Debian testing autoremoval watch]

apr 1.7.0-8 is marked for autoremoval from testing on 2022-06-30

It (build-)depends on packages with these RC bugs:
1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, 
CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
 https://bugs.debian.org/1011146



This mail is generated by:
https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl

Autoremoval data is generated by:
https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl

apr-util is marked for autoremoval from testing

[Debian testing autoremoval watch]

apr-util 1.6.1-5 is marked for autoremoval from testing on 2022-06-30

It (build-)depends on packages with these RC bugs:
1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, 
CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
 https://bugs.debian.org/1011146



This mail is generated by:
https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl

Autoremoval data is generated by:
https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl

apache2 is marked for autoremoval from testing

[Debian testing autoremoval watch]

apache2 2.4.53-2 is marked for autoremoval from testing on 2022-06-30

It (build-)depends on packages with these RC bugs:
1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, 
CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
 https://bugs.debian.org/1011146



This mail is generated by:
https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl

Autoremoval data is generated by:
https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl

ssl-cert is marked for autoremoval from testing

[Debian testing autoremoval watch]

ssl-cert 1.1.2 is marked for autoremoval from testing on 2022-06-30

It (build-)depends on packages with these RC bugs:
1011146: nvidia-graphics-drivers-tesla-470: CVE-2022-28181, CVE-2022-28183, 
CVE-2022-28184, CVE-2022-28185, CVE-2022-28191, CVE-2022-28192
 https://bugs.debian.org/1011146



This mail is generated by:
https://salsa.debian.org/release-team/release-tools/-/blob/master/mailer/mail_autoremovals.pl

Autoremoval data is generated by:
https://salsa.debian.org/qa/udd/-/blob/master/udd/testing_autoremovals_gatherer.pl

apache2_2.4.53-2~bpo10+1_amd64.changes ACCEPTED into oldstable-backports-sloppy->backports-policy, oldstable-backports-sloppy

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 03 May 2022 10:59:27 +0200
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev 
apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym 
apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils 
apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.53-2~bpo10+1
Distribution: buster-backports-sloppy
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Description:
 apache2- Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for 
mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for 
mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.53-2~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports.
Checksums-Sha1:
 e2330eae216365e3f02bd816ee8127c47334a260 3520 apache2_2.4.53-2~bpo10+1.dsc
 350d6c5304f5e8174eb102b0b4b8e8eed30e0f78 900452 
apache2_2.4.53-2~bpo10+1.debian.tar.xz
 30f96204fddcecf5a9b8e21a9cd5c599e216ff87 3916680 
apache2-bin-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 af641fd1af9e1b63d572d0e0a7e6a62c8f909440 1404564 
apache2-bin_2.4.53-2~bpo10+1_amd64.deb
 4d621d823c9e28e58f92a1ff936869d6ec7a 159884 
apache2-data_2.4.53-2~bpo10+1_all.deb
 bb04ee7423975a14ec2a3fba982e33072b6defed 362108 
apache2-dev_2.4.53-2~bpo10+1_amd64.deb
 0f51cde1ecb23a51ccca9c0381f0b25aa07a0239 4059832 
apache2-doc_2.4.53-2~bpo10+1_all.deb
 06494bca72fc306d5f1a1fc62a9d0e651956271d 3112 
apache2-ssl-dev_2.4.53-2~bpo10+1_amd64.deb
 b03ce5c756b182e5a8ea2f978ae957f26c2db091 12656 
apache2-suexec-custom-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 583faea5737a0cb44bd3b34017d669000e4c8fcc 193024 
apache2-suexec-custom_2.4.53-2~bpo10+1_amd64.deb
 4c7e4de1eb568d0f4c8e8d4604aabf904c987f7d 11440 
apache2-suexec-pristine-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 d0da1af9749f89612af1410f2461617013db3613 192196 
apache2-suexec-pristine_2.4.53-2~bpo10+1_amd64.deb
 4adc7e4b1fee9983910965505bcdc0ebe7bf3fbb 124072 
apache2-utils-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 47dd69a33845c86cac92f5bf8a8a051ba95c1161 259100 
apache2-utils_2.4.53-2~bpo10+1_amd64.deb
 febff631c321268fe1ec0637ae3fef7b441ffc77 12173 
apache2_2.4.53-2~bpo10+1_amd64.buildinfo
 55649028bffb67a012479cd1366722f3c1f30a88 273800 
apache2_2.4.53-2~bpo10+1_amd64.deb
 5d4ca2b68cde6638401f1a417f03933627c8caf8 956 
libapache2-mod-md_2.4.53-2~bpo10+1_amd64.deb
 0c8bf1e70daf3afa706265f21ee3f3d62033403e 1132 
libapache2-mod-proxy-uwsgi_2.4.53-2~bpo10+1_amd64.deb
Checksums-Sha256:
 16f4181343c36e170088e7b6ad94675454c86b6e753841d1e788171c5fd25140 3520 
apache2_2.4.53-2~bpo10+1.dsc
 d0a75e1371126e3ef5fd762e7b92c6b8094c56476f79d3e82dcfcf074f3829fc 900452 
apache2_2.4.53-2~bpo10+1.debian.tar.xz
 69346741894f16212e5e93df2d919bbc741e22bf7966579c34b1dc6247b0a0c5 3916680 
apache2-bin-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 850a0c918f2b383168668628c24fc2dd0efa6c03ddf26670c9e17a14f54565d6 1404564 
apache2-bin_2.4.53-2~bpo10+1_amd64.deb
 60745c6a451fad83522ae9fb4e51558bee77ab43e0e99040ed4744c567490baf 159884 
apache2-data_2.4.53-2~bpo10+1_all.deb
 1a480feff7a4027537234b63ab726da8587afc1659922c8d35aec892188fff52 362108 
apache2-dev_2.4.53-2~bpo10+1_amd64.deb
 87b0d448466571d3e832922e1c0bc0c83156a298ea99f9a63fa80010180b1d6b 4059832 
apache2-doc_2.4.53-2~bpo10+1_all.deb
 11ce8597bb69b15b684cfcd55c415a8036905a202fd2534aba663968c0a3d2b2 3112 
apache2-ssl-dev_2.4.53-2~bpo10+1_amd64.deb
 bf7399d72785335986e1a909a6801bad7021e72e22579fe13485061f223f9dc3 12656 
apache2-suexec-custom-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 875ff0fa709959c37ee0fde2044bde1c43ace2a5bf2a4129fe3b5703fd07da17 193024 
apache2-suexec-custom_2.4.53-2~bpo10+1_amd64.deb
 6dc3ff0947b29fc0e59d5d2583601bcc87c685ef420c215b9799fa967019be55 11440 
apache2-suexec-pristine-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 a788ae9e3b83a9b0d8831a63463b3e38280bc59c99dfddfb358fd36011edae5c 192196 
apache2-suexec-pristine_2.4.53-2~bpo10+1_amd64.deb
 733e6bbf461360465817597fc00791b577749a3d2bc82df05cd8cd09770f64b3 124072 
apache2-utils-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 ff45092daf15697cdc90a51c642902d0d76fca952bad3865cece89456908b488 259100 
apache2-utils_2.4.53-2~bpo10+1_amd64.deb
 a68443ed8c2a17c700ccbb8066f405a0b5aa5cad58e28e22f59cfa508b5f0fc3 12173 
apache2_2.4.53-2~bpo10+1_amd64.buildinfo
 5c6c2e574194e87241427f808cad01a668f61212f26a52d4575cfc0c878118c0 273800 
apache2_2.4.53-2~bpo10+1_amd64.deb
 

apache2_2.4.53-2~bpo10+1_amd64.changes ACCEPTED into oldstable-backports-sloppy->backports-policy

[Debian FTP Masters]

Mapping buster-backports-sloppy to oldstable-backports-sloppy.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 03 May 2022 10:59:27 +0200
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev 
apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym 
apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils 
apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.53-2~bpo10+1
Distribution: buster-backports-sloppy
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Description:
 apache2- Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for 
mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for 
mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.53-2~bpo10+1) buster-backports-sloppy; urgency=medium
 .
   * Rebuild for buster-backports.
Checksums-Sha1:
 e2330eae216365e3f02bd816ee8127c47334a260 3520 apache2_2.4.53-2~bpo10+1.dsc
 350d6c5304f5e8174eb102b0b4b8e8eed30e0f78 900452 
apache2_2.4.53-2~bpo10+1.debian.tar.xz
 30f96204fddcecf5a9b8e21a9cd5c599e216ff87 3916680 
apache2-bin-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 af641fd1af9e1b63d572d0e0a7e6a62c8f909440 1404564 
apache2-bin_2.4.53-2~bpo10+1_amd64.deb
 4d621d823c9e28e58f92a1ff936869d6ec7a 159884 
apache2-data_2.4.53-2~bpo10+1_all.deb
 bb04ee7423975a14ec2a3fba982e33072b6defed 362108 
apache2-dev_2.4.53-2~bpo10+1_amd64.deb
 0f51cde1ecb23a51ccca9c0381f0b25aa07a0239 4059832 
apache2-doc_2.4.53-2~bpo10+1_all.deb
 06494bca72fc306d5f1a1fc62a9d0e651956271d 3112 
apache2-ssl-dev_2.4.53-2~bpo10+1_amd64.deb
 b03ce5c756b182e5a8ea2f978ae957f26c2db091 12656 
apache2-suexec-custom-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 583faea5737a0cb44bd3b34017d669000e4c8fcc 193024 
apache2-suexec-custom_2.4.53-2~bpo10+1_amd64.deb
 4c7e4de1eb568d0f4c8e8d4604aabf904c987f7d 11440 
apache2-suexec-pristine-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 d0da1af9749f89612af1410f2461617013db3613 192196 
apache2-suexec-pristine_2.4.53-2~bpo10+1_amd64.deb
 4adc7e4b1fee9983910965505bcdc0ebe7bf3fbb 124072 
apache2-utils-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 47dd69a33845c86cac92f5bf8a8a051ba95c1161 259100 
apache2-utils_2.4.53-2~bpo10+1_amd64.deb
 febff631c321268fe1ec0637ae3fef7b441ffc77 12173 
apache2_2.4.53-2~bpo10+1_amd64.buildinfo
 55649028bffb67a012479cd1366722f3c1f30a88 273800 
apache2_2.4.53-2~bpo10+1_amd64.deb
 5d4ca2b68cde6638401f1a417f03933627c8caf8 956 
libapache2-mod-md_2.4.53-2~bpo10+1_amd64.deb
 0c8bf1e70daf3afa706265f21ee3f3d62033403e 1132 
libapache2-mod-proxy-uwsgi_2.4.53-2~bpo10+1_amd64.deb
Checksums-Sha256:
 16f4181343c36e170088e7b6ad94675454c86b6e753841d1e788171c5fd25140 3520 
apache2_2.4.53-2~bpo10+1.dsc
 d0a75e1371126e3ef5fd762e7b92c6b8094c56476f79d3e82dcfcf074f3829fc 900452 
apache2_2.4.53-2~bpo10+1.debian.tar.xz
 69346741894f16212e5e93df2d919bbc741e22bf7966579c34b1dc6247b0a0c5 3916680 
apache2-bin-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 850a0c918f2b383168668628c24fc2dd0efa6c03ddf26670c9e17a14f54565d6 1404564 
apache2-bin_2.4.53-2~bpo10+1_amd64.deb
 60745c6a451fad83522ae9fb4e51558bee77ab43e0e99040ed4744c567490baf 159884 
apache2-data_2.4.53-2~bpo10+1_all.deb
 1a480feff7a4027537234b63ab726da8587afc1659922c8d35aec892188fff52 362108 
apache2-dev_2.4.53-2~bpo10+1_amd64.deb
 87b0d448466571d3e832922e1c0bc0c83156a298ea99f9a63fa80010180b1d6b 4059832 
apache2-doc_2.4.53-2~bpo10+1_all.deb
 11ce8597bb69b15b684cfcd55c415a8036905a202fd2534aba663968c0a3d2b2 3112 
apache2-ssl-dev_2.4.53-2~bpo10+1_amd64.deb
 bf7399d72785335986e1a909a6801bad7021e72e22579fe13485061f223f9dc3 12656 
apache2-suexec-custom-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 875ff0fa709959c37ee0fde2044bde1c43ace2a5bf2a4129fe3b5703fd07da17 193024 
apache2-suexec-custom_2.4.53-2~bpo10+1_amd64.deb
 6dc3ff0947b29fc0e59d5d2583601bcc87c685ef420c215b9799fa967019be55 11440 
apache2-suexec-pristine-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 a788ae9e3b83a9b0d8831a63463b3e38280bc59c99dfddfb358fd36011edae5c 192196 
apache2-suexec-pristine_2.4.53-2~bpo10+1_amd64.deb
 733e6bbf461360465817597fc00791b577749a3d2bc82df05cd8cd09770f64b3 124072 
apache2-utils-dbgsym_2.4.53-2~bpo10+1_amd64.deb
 ff45092daf15697cdc90a51c642902d0d76fca952bad3865cece89456908b488 259100 
apache2-utils_2.4.53-2~bpo10+1_amd64.deb
 a68443ed8c2a17c700ccbb8066f405a0b5aa5cad58e28e22f59cfa508b5f0fc3 12173 
apache2_2.4.53-2~bpo10+1_amd64.buildinfo
 5c6c2e574194e87241427f808cad01a668f61212f26a52d4575cfc0c878118c0 273800 

Processing of apache2_2.4.53-2~bpo10+1_amd64.changes

[Debian FTP Masters]

apache2_2.4.53-2~bpo10+1_amd64.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.53-2~bpo10+1.dsc
  apache2_2.4.53-2~bpo10+1.debian.tar.xz
  apache2-bin-dbgsym_2.4.53-2~bpo10+1_amd64.deb
  apache2-bin_2.4.53-2~bpo10+1_amd64.deb
  apache2-data_2.4.53-2~bpo10+1_all.deb
  apache2-dev_2.4.53-2~bpo10+1_amd64.deb
  apache2-doc_2.4.53-2~bpo10+1_all.deb
  apache2-ssl-dev_2.4.53-2~bpo10+1_amd64.deb
  apache2-suexec-custom-dbgsym_2.4.53-2~bpo10+1_amd64.deb
  apache2-suexec-custom_2.4.53-2~bpo10+1_amd64.deb
  apache2-suexec-pristine-dbgsym_2.4.53-2~bpo10+1_amd64.deb
  apache2-suexec-pristine_2.4.53-2~bpo10+1_amd64.deb
  apache2-utils-dbgsym_2.4.53-2~bpo10+1_amd64.deb
  apache2-utils_2.4.53-2~bpo10+1_amd64.deb
  apache2_2.4.53-2~bpo10+1_amd64.buildinfo
  apache2_2.4.53-2~bpo10+1_amd64.deb
  libapache2-mod-md_2.4.53-2~bpo10+1_amd64.deb
  libapache2-mod-proxy-uwsgi_2.4.53-2~bpo10+1_amd64.deb

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Bug#1010455: Should apache2.README.Debian refer to apache-htcacheclean ?

[u34]

Source: apache2
Version: 2.4.53-2
Tags: patch
Severity: minor

Sort of a patch. Refering to 
https://salsa.debian.org/apache-team/apache2/-/blob/master/debian/apache2.README.Debian

Line 193 refers to '/etc/default/apache2'.
Shouldn't that be '/etc/default/apache-htcacheclean' ?

The context is the configuration file for using mod_cache_disk.

--
u34

Zagospodarowanie miejsc magazynowych

[Marek Pozyrewski]

Dzień dobry, 

czy interesują Państwo regały magazynowe, które pozwolą odpowiednio 
zagospodarować i całościowo wykorzystać przestrzeń hali? 

Kontaktuję się ponieważ mogę zaproponować Państwu wytrzymałe i stabilne regały, 
szafy oraz pojemniki, a także skrzyniopalety i kontenery samowyładowcze.

Jeżeli zależy Państwu na bezpiecznym i wygodnym składowaniu towarów, produktów 
i półfabrykatów, nasze rozwiązania zagwarantują firmie efektywne wykorzystanie 
dostępnej przestrzeni.

Ze swojej strony zapewniamy transport oraz długoletnią gwarancję.
 
Czy byliby Państwo zainteresowani wstępną wyceną? 


Pozdrawiam
Marek Pozyrewski

Zagospodarowanie miejsc magazynowych

[Marcel Balicki]

Dzień dobry, 

czy interesują Państwo regały magazynowe, które pozwolą odpowiednio 
zagospodarować i całościowo wykorzystać przestrzeń hali? 

Kontaktuję się ponieważ mogę zaproponować Państwu wytrzymałe i stabilne regały, 
szafy oraz pojemniki, a także skrzyniopalety i kontenery samowyładowcze.

Jeżeli zależy Państwu na bezpiecznym i wygodnym składowaniu towarów, produktów 
i półfabrykatów, nasze rozwiązania zagwarantują firmie efektywne wykorzystanie 
dostępnej przestrzeni.

Ze swojej strony zapewniamy transport oraz długoletnią gwarancję.
 
Czy byliby Państwo zainteresowani wstępną wyceną? 


Pozdrawiam
Marcel Balicki

Servicio de la flota

[Miguel Rodríguez García]

Buenos días:

Le escribo para hablarle sobre una de las mejores herramientas GPS en el 
mercado.

La herramienta, que me gustaría presentarle brevemente, dispone de muchas 
funciones útiles para su trabajo, que optimizan los procesos de transporte y le 
ayudan a realizar tareas de campo de manera más eficiente.

¿Quiere conocer los detalles?


Atentamente,
Miguel Rodríguez García

apache2_2.4.53-2~bpo10+1_sourceonly.changes REJECTED

[Debian FTP Masters]

Not in stable, you probably want -sloppy




===

Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.

Fotowoltaika - nowe warunki

[Aleksy Urbański]

Dzień dobry,

jeszcze w pierwszej połowie 2022 roku wzrosną ceny za wykup energii dla 
posiadaczy fotowoltaiki. 

Aby uniknąć umowy na nowych zasadach trzeba zdecydować się na instalację paneli 
PV do końca marca. 

Jako firma specjalizująca się w montażu i serwisie fotowoltaiki chętnie 
podejmiemy się realizacji całego projektu. Są Państwo zainteresowani?


Pozdrawiam,
Aleksy Urbański

apache2_2.4.53-1~deb11u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 14 Mar 2022 17:28:35 +0100
Source: apache2
Architecture: source
Version: 2.4.53-1~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.53-1~deb11u1) bullseye; urgency=medium
 .
   * New upstream version 2.4.53 (Closes: CVE-2022-22719,
 CVE-2022-22720, CVE-2022-22721, CVE-2022-23943)
   * Update copyright
   * Drop fix-2.4.52-regression.patch, now included in upstream
   * Refresh fhs_compliance.patch
   * Update test framework (fixes autopkgtest)
Checksums-Sha1: 
 c97574c7fde2000643cdad20432184548597d914 3539 apache2_2.4.53-1~deb11u1.dsc
 e4c6fddc48fd4494fc463d2a00577c7ce719aaab 9726558 apache2_2.4.53.orig.tar.gz
 eca575090672dedac90c2ddfdba67d3bb6aac48b 874 apache2_2.4.53.orig.tar.gz.asc
 fdc28b93d828fa9c0924cd64b2d2a57ed66493eb 894656 
apache2_2.4.53-1~deb11u1.debian.tar.xz
Checksums-Sha256: 
 f94e2dfad2f1b18f1fae4a90a6541d1246d90542f6e8318c9f6d7e11ddef9794 3539 
apache2_2.4.53-1~deb11u1.dsc
 7a045e8e653aaf931f9667f3a7e1943bd81306bf908f316465f737a854d10c16 9726558 
apache2_2.4.53.orig.tar.gz
 505579638b9b267dcb6808efe0965358cd457f5a28f6f42e079438eb7d9e4d6b 874 
apache2_2.4.53.orig.tar.gz.asc
 0e74e8fce2f405ee2fecd2cd9275a5f30ddfd91581f0a67568d0a6ed275da2a0 894656 
apache2_2.4.53-1~deb11u1.debian.tar.xz
Files: 
 57dc5f3ae40d481b459e2517a01195d1 3539 httpd optional 
apache2_2.4.53-1~deb11u1.dsc
 fbc10dfafdf8da2bdf8fc1c2a2e4e133 9726558 httpd optional 
apache2_2.4.53.orig.tar.gz
 e79ff39b546d1854df3ace910df64edf 874 httpd optional 
apache2_2.4.53.orig.tar.gz.asc
 5360449a088c8184b73c731fa259cc1d 894656 httpd optional 
apache2_2.4.53-1~deb11u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmI2EHkACgkQ9tdMp8mZ
7ukcHw/9Ht3V7rsFIe9ggHdnUCmhj6tJ4Fr0D81RWl5vDLAhJeL3+hx/4Emm/cZY
WZ/p6QA8DhsUX52gBoJ9UbhUAu49kVL5jB7KNUOoYZ4K4cHeejQG1U0UJTug00Ps
kwirk82MjsTbIn2cJOsiU04XbeV/BMyki4TRR5mcJ843E5uwzPLXNcAH9diHLIYn
w9G4f3qXmJflmpvAayq4SrphvBBvujBpBsosQxYaVt9YG317GlK3iNsQ/W8BNZE0
n86gIhSOzACqkzeSQIzkQ/LZ5aJpRtCMudmVS14YHgcJ1AL9WF5YvWiUboMOw6ud
yMw32vetuUUwyBCAbyxWcwp7gwCuzv9RIrRnBzpHjTPfZUc4/FLzIUD3tRlU/Ckw
rUcUa+0EiMHppdQw7kyt5rAY6MsYgmG7tGikxX18Sv5XbW0i0tO/zfiQlKio7rhB
Sc50dpboexQ7tvftg+aLClIf5i34ZTX+H6ylhhhbbYVouL0PugnBRW3gM3+91mnk
GdkV9NeHzwOfgwhgZcTRMxcRPRKExn+hTEM1pXpYnupvDUdhJHrPrjQQUSyt03he
Lnnynftc6zc+ddxw51U5RDQvZfYNqe35cAA/LQ05HYxi4wbVbCyg3XmHH41K4BIl
Q2FT1KLWqnL+QdVfKdpzr70Jlcazx5/rgdLlMIrtlmJoyO6O3Gw=
=U3pK
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

apache2_2.4.53-1~deb11u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new

[Debian FTP Masters]

Mapping bullseye to stable.
Mapping stable to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 14 Mar 2022 17:28:35 +0100
Source: apache2
Architecture: source
Version: 2.4.53-1~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.53-1~deb11u1) bullseye; urgency=medium
 .
   * New upstream version 2.4.53 (Closes: CVE-2022-22719,
 CVE-2022-22720, CVE-2022-22721, CVE-2022-23943)
   * Update copyright
   * Drop fix-2.4.52-regression.patch, now included in upstream
   * Refresh fhs_compliance.patch
   * Update test framework (fixes autopkgtest)
Checksums-Sha1: 
 c97574c7fde2000643cdad20432184548597d914 3539 apache2_2.4.53-1~deb11u1.dsc
 e4c6fddc48fd4494fc463d2a00577c7ce719aaab 9726558 apache2_2.4.53.orig.tar.gz
 eca575090672dedac90c2ddfdba67d3bb6aac48b 874 apache2_2.4.53.orig.tar.gz.asc
 fdc28b93d828fa9c0924cd64b2d2a57ed66493eb 894656 
apache2_2.4.53-1~deb11u1.debian.tar.xz
Checksums-Sha256: 
 f94e2dfad2f1b18f1fae4a90a6541d1246d90542f6e8318c9f6d7e11ddef9794 3539 
apache2_2.4.53-1~deb11u1.dsc
 7a045e8e653aaf931f9667f3a7e1943bd81306bf908f316465f737a854d10c16 9726558 
apache2_2.4.53.orig.tar.gz
 505579638b9b267dcb6808efe0965358cd457f5a28f6f42e079438eb7d9e4d6b 874 
apache2_2.4.53.orig.tar.gz.asc
 0e74e8fce2f405ee2fecd2cd9275a5f30ddfd91581f0a67568d0a6ed275da2a0 894656 
apache2_2.4.53-1~deb11u1.debian.tar.xz
Files: 
 57dc5f3ae40d481b459e2517a01195d1 3539 httpd optional 
apache2_2.4.53-1~deb11u1.dsc
 fbc10dfafdf8da2bdf8fc1c2a2e4e133 9726558 httpd optional 
apache2_2.4.53.orig.tar.gz
 e79ff39b546d1854df3ace910df64edf 874 httpd optional 
apache2_2.4.53.orig.tar.gz.asc
 5360449a088c8184b73c731fa259cc1d 894656 httpd optional 
apache2_2.4.53-1~deb11u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmI2EHkACgkQ9tdMp8mZ
7ukcHw/9Ht3V7rsFIe9ggHdnUCmhj6tJ4Fr0D81RWl5vDLAhJeL3+hx/4Emm/cZY
WZ/p6QA8DhsUX52gBoJ9UbhUAu49kVL5jB7KNUOoYZ4K4cHeejQG1U0UJTug00Ps
kwirk82MjsTbIn2cJOsiU04XbeV/BMyki4TRR5mcJ843E5uwzPLXNcAH9diHLIYn
w9G4f3qXmJflmpvAayq4SrphvBBvujBpBsosQxYaVt9YG317GlK3iNsQ/W8BNZE0
n86gIhSOzACqkzeSQIzkQ/LZ5aJpRtCMudmVS14YHgcJ1AL9WF5YvWiUboMOw6ud
yMw32vetuUUwyBCAbyxWcwp7gwCuzv9RIrRnBzpHjTPfZUc4/FLzIUD3tRlU/Ckw
rUcUa+0EiMHppdQw7kyt5rAY6MsYgmG7tGikxX18Sv5XbW0i0tO/zfiQlKio7rhB
Sc50dpboexQ7tvftg+aLClIf5i34ZTX+H6ylhhhbbYVouL0PugnBRW3gM3+91mnk
GdkV9NeHzwOfgwhgZcTRMxcRPRKExn+hTEM1pXpYnupvDUdhJHrPrjQQUSyt03he
Lnnynftc6zc+ddxw51U5RDQvZfYNqe35cAA/LQ05HYxi4wbVbCyg3XmHH41K4BIl
Q2FT1KLWqnL+QdVfKdpzr70Jlcazx5/rgdLlMIrtlmJoyO6O3Gw=
=U3pK
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of apache2_2.4.53-2~bpo10+1_sourceonly.changes

[Debian FTP Masters]

apache2_2.4.53-2~bpo10+1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.53-2~bpo10+1.dsc
  apache2_2.4.53-2~bpo10+1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Processing of apache2_2.4.53-1~deb11u1_sourceonly.changes

[Debian FTP Masters]

apache2_2.4.53-1~deb11u1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.53-1~deb11u1.dsc
  apache2_2.4.53.orig.tar.gz
  apache2_2.4.53.orig.tar.gz.asc
  apache2_2.4.53-1~deb11u1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

apache2_2.4.53-2_sourceonly.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 15 Mar 2022 15:27:39 +0100
Source: apache2
Architecture: source
Version: 2.4.53-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1007254
Changes:
 apache2 (2.4.53-2) unstable; urgency=medium
 .
   * Clean useless Conflicts/Replace
   * apache2-dev: add missing dependency on libpcre2-dev (Closes: #1007254)
Checksums-Sha1: 
 c6e90e23af5627de150d5051bb3334ab36a9ee85 3488 apache2_2.4.53-2.dsc
 9845cdb7a6a721a0472e54a3fb16f4d3fe863fb7 900148 apache2_2.4.53-2.debian.tar.xz
Checksums-Sha256: 
 0a40fe6aec2bef495d7fe21b456bf2b99a19deebf406197c7e54deb76d90bbed 3488 
apache2_2.4.53-2.dsc
 7d3ec0188cc7736f0fc5d89c38e38547676e737bc5d6dc4c040feb42a355b7d1 900148 
apache2_2.4.53-2.debian.tar.xz
Files: 
 720483cc5f8c70924fdd157f9c872ecf 3488 httpd optional apache2_2.4.53-2.dsc
 aff18ddb6783847b866f7b274e1b0725 900148 httpd optional 
apache2_2.4.53-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmIwo5kACgkQ9tdMp8mZ
7um8qQ//US4a/NRViSgUM4xWLgV/p3EMGNyTvyaJvTwR83lIJJ69lZBg6WE8xd7p
dGmwVZcCfepMR/wbiaa3scbwhRGOHgGJSWwkWpouQrPptNyrFuO9tyiuBCrUGBPy
4okCxiWFtChkup/FhqR+ABSEHgjSk/TdB8zyHuB01Fzu8IWYSPi29ykjGPcX40be
NHRlaeUItb2ZowgpW8u+uuCr00+r15O9b2j506upO8sGOPftWDWEDiOvlZgKIMOw
i2Sj0n9M6AkjrN/HqnDd11QH8i3vQltXxuD5D9tY4vQVk4PPWKcwiCk+w8NVTdcC
wf/EarTJlZf49Lbm+OaRJz0kFfnT+4EhadYkPGNnL6Z61/gnJr+pJTma5Bv2Pid0
MYqy8mgUY0XLo3nlvxohYjF5ECiyHKiJAKh43WOqpH4uz4X9Knb7zX0XwyNLA01b
vIiWDBZ2/mAr5SXUFY0srlCf+IYrZ9ttKYIq9KZTFI7iwDCzziDyJQGhSqfb/JiW
ZUAgsR25vV6L445ia3pKWvfJdHH8bEfUVwLMsyVVzkOnTwLBMyZXrh4iGI5peZ1q
LtTc6a+gT26erEQUW1A/WIhUZg/a1E2LceeUH/iHgkG7PLqUbCXpuC4SLGeBQOh9
jDSiXn0ZRkPgezpJ6kGzURiMWUjppbAY7HBcIb54dI/4BRC52WQ=
=iV4o
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of apache2_2.4.53-2_sourceonly.changes

[Debian FTP Masters]

apache2_2.4.53-2_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.53-2.dsc
  apache2_2.4.53-2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Bug#1007254: marked as done (apache2-dev: Missing dependency on libpcre2-dev for apxs2)

[Debian Bug Tracking System]

Your message dated Tue, 15 Mar 2022 14:45:14 +
with message-id 
and subject line Bug#1007254: fixed in apache2 2.4.53-2
has caused the Debian Bug report #1007254,
regarding apache2-dev: Missing dependency on libpcre2-dev for apxs2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1007254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007254
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apache2-dev
Version: 2.4.53-1
Severity: serious
Tags: ftbfs
Control: affects -1 src:mod-vhost-ldap

https://buildd.debian.org/status/logs.php?pkg=mod-vhost-ldap=2.4.0-1%2Bb3

...
make[1]: Entering directory '/<>'
# Try building with per request document root and if it fails, do the normal 
build (kinda ugly, but should work)
apxs2 -Wc,-Wall -Wc,-Werror -Wc,-g -Wc,-DDEBUG 
-Wc,-DMOD_VHOST_LDAP_VERSION=\\\"mod_vhost_ldap/2.4.0\\\" 
-Wc,-DHAS_PER_REQUEST_DOCUMENT_ROOT -c -lldap_r mod_vhost_ldap.c || \
apxs2 -Wc,-Wall -Wc,-Werror -Wc,-g -Wc,-DDEBUG 
-Wc,-DMOD_VHOST_LDAP_VERSION=\\\"mod_vhost_ldap/2.4.0\\\" -c -lldap_r 
mod_vhost_ldap.c
/usr/share/apr-1.0/build/libtool  --mode=compile --tag=disable-static 
x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security  -Wdate-time -D_FORTIFY_SOURCE=2   -DLINUX -D_REENTRANT 
-D_GNU_SOURCE  -pthread  -I/usr/include/apache2  -I/usr/include/apr-1.0   
-I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g -DDEBUG 
-DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" 
-DHAS_PER_REQUEST_DOCUMENT_ROOT  -c -o mod_vhost_ldap.lo mod_vhost_ldap.c && 
touch mod_vhost_ldap.slo
libtool: compile:  x86_64-linux-gnu-gcc -pipe -g -O2 -fstack-protector-strong 
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX 
-D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 
-I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g 
-DDEBUG -DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" 
-DHAS_PER_REQUEST_DOCUMENT_ROOT -c mod_vhost_ldap.c  -fPIC -DPIC -o 
.libs/mod_vhost_ldap.o
/usr/share/apr-1.0/build/libtool  --mode=link --tag=disable-static 
x86_64-linux-gnu-gcc -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -lpcre2-8 
-L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0-o mod_vhost_ldap.la  -lldap_r 
-rpath /usr/lib/apache2/modules -module -avoid-versionmod_vhost_ldap.lo
libtool: link: x86_64-linux-gnu-gcc -shared  -fPIC -DPIC  
.libs/mod_vhost_ldap.o   -lpcre2-8 -L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 
-lldap_r  -Wl,--as-needed -Wl,-z -Wl,relro -Wl,-z -Wl,now   -Wl,-soname 
-Wl,mod_vhost_ldap.so -o .libs/mod_vhost_ldap.so
/usr/bin/ld: cannot find -lpcre2-8: No such file or directory
collect2: error: ld returned 1 exit status
apxs:Error: Command failed with rc=65536
.
/usr/share/apr-1.0/build/libtool  --mode=compile --tag=disable-static 
x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security  -Wdate-time -D_FORTIFY_SOURCE=2   -DLINUX -D_REENTRANT 
-D_GNU_SOURCE  -pthread  -I/usr/include/apache2  -I/usr/include/apr-1.0   
-I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g -DDEBUG 
-DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\"  -c -o mod_vhost_ldap.lo 
mod_vhost_ldap.c && touch mod_vhost_ldap.slo
libtool: compile:  x86_64-linux-gnu-gcc -pipe -g -O2 -fstack-protector-strong 
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX 
-D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 
-I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g 
-DDEBUG -DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" -c mod_vhost_ldap.c  
-fPIC -DPIC -o .libs/mod_vhost_ldap.o
/usr/share/apr-1.0/build/libtool  --mode=link --tag=disable-static 
x86_64-linux-gnu-gcc -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -lpcre2-8 
-L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0-o mod_vhost_ldap.la  -lldap_r 
-rpath /usr/lib/apache2/modules -module -avoid-versionmod_vhost_ldap.lo
libtool: link: x86_64-linux-gnu-gcc -shared  -fPIC -DPIC  
.libs/mod_vhost_ldap.o   -lpcre2-8 -L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 
-lldap_r  -Wl,--as-needed -Wl,-z -Wl,relro -Wl,-z -Wl,now   -Wl,-soname 
-Wl,mod_vhost_ldap.so -o .libs/mod_vhost_ldap.so
/usr/bin/ld: cannot find -lpcre2-8: No such file or directory
collect2: error: ld returned 1 exit status
apxs:Error: Command failed with rc=65536
.
make[1]: *** [Makefile:22: mod_vhost_ldap.o] Error 1
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.53-2
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due 

Processed: Bug#1007254 marked as pending in apache2

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1007254 [apache2-dev] apache2-dev: Missing dependency on libpcre2-dev for 
apxs2
Ignoring request to alter tags of bug #1007254 to the same tags previously set

-- 
1007254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007254
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Bug#1007254 marked as pending in apache2

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1007254 [apache2-dev] apache2-dev: Missing dependency on libpcre2-dev for 
apxs2
Added tag(s) pending.

-- 
1007254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007254
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: apache2-dev: Missing dependency on libpcre2-dev for apxs2

[Debian Bug Tracking System]

Processing control commands:

> affects -1 src:mod-vhost-ldap
Bug #1007254 [apache2-dev] apache2-dev: Missing dependency on libpcre2-dev for 
apxs2
Added indication that 1007254 affects src:mod-vhost-ldap

-- 
1007254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007254
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1007254: apache2-dev: Missing dependency on libpcre2-dev for apxs2

[Adrian Bunk]

Package: apache2-dev
Version: 2.4.53-1
Severity: serious
Tags: ftbfs
Control: affects -1 src:mod-vhost-ldap

https://buildd.debian.org/status/logs.php?pkg=mod-vhost-ldap=2.4.0-1%2Bb3

...
make[1]: Entering directory '/<>'
# Try building with per request document root and if it fails, do the normal 
build (kinda ugly, but should work)
apxs2 -Wc,-Wall -Wc,-Werror -Wc,-g -Wc,-DDEBUG 
-Wc,-DMOD_VHOST_LDAP_VERSION=\\\"mod_vhost_ldap/2.4.0\\\" 
-Wc,-DHAS_PER_REQUEST_DOCUMENT_ROOT -c -lldap_r mod_vhost_ldap.c || \
apxs2 -Wc,-Wall -Wc,-Werror -Wc,-g -Wc,-DDEBUG 
-Wc,-DMOD_VHOST_LDAP_VERSION=\\\"mod_vhost_ldap/2.4.0\\\" -c -lldap_r 
mod_vhost_ldap.c
/usr/share/apr-1.0/build/libtool  --mode=compile --tag=disable-static 
x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security  -Wdate-time -D_FORTIFY_SOURCE=2   -DLINUX -D_REENTRANT 
-D_GNU_SOURCE  -pthread  -I/usr/include/apache2  -I/usr/include/apr-1.0   
-I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g -DDEBUG 
-DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" 
-DHAS_PER_REQUEST_DOCUMENT_ROOT  -c -o mod_vhost_ldap.lo mod_vhost_ldap.c && 
touch mod_vhost_ldap.slo
libtool: compile:  x86_64-linux-gnu-gcc -pipe -g -O2 -fstack-protector-strong 
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX 
-D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 
-I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g 
-DDEBUG -DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" 
-DHAS_PER_REQUEST_DOCUMENT_ROOT -c mod_vhost_ldap.c  -fPIC -DPIC -o 
.libs/mod_vhost_ldap.o
/usr/share/apr-1.0/build/libtool  --mode=link --tag=disable-static 
x86_64-linux-gnu-gcc -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -lpcre2-8 
-L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0-o mod_vhost_ldap.la  -lldap_r 
-rpath /usr/lib/apache2/modules -module -avoid-versionmod_vhost_ldap.lo
libtool: link: x86_64-linux-gnu-gcc -shared  -fPIC -DPIC  
.libs/mod_vhost_ldap.o   -lpcre2-8 -L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 
-lldap_r  -Wl,--as-needed -Wl,-z -Wl,relro -Wl,-z -Wl,now   -Wl,-soname 
-Wl,mod_vhost_ldap.so -o .libs/mod_vhost_ldap.so
/usr/bin/ld: cannot find -lpcre2-8: No such file or directory
collect2: error: ld returned 1 exit status
apxs:Error: Command failed with rc=65536
.
/usr/share/apr-1.0/build/libtool  --mode=compile --tag=disable-static 
x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security  -Wdate-time -D_FORTIFY_SOURCE=2   -DLINUX -D_REENTRANT 
-D_GNU_SOURCE  -pthread  -I/usr/include/apache2  -I/usr/include/apr-1.0   
-I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g -DDEBUG 
-DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\"  -c -o mod_vhost_ldap.lo 
mod_vhost_ldap.c && touch mod_vhost_ldap.slo
libtool: compile:  x86_64-linux-gnu-gcc -pipe -g -O2 -fstack-protector-strong 
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX 
-D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 
-I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g 
-DDEBUG -DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" -c mod_vhost_ldap.c  
-fPIC -DPIC -o .libs/mod_vhost_ldap.o
/usr/share/apr-1.0/build/libtool  --mode=link --tag=disable-static 
x86_64-linux-gnu-gcc -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -lpcre2-8 
-L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0-o mod_vhost_ldap.la  -lldap_r 
-rpath /usr/lib/apache2/modules -module -avoid-versionmod_vhost_ldap.lo
libtool: link: x86_64-linux-gnu-gcc -shared  -fPIC -DPIC  
.libs/mod_vhost_ldap.o   -lpcre2-8 -L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 
-lldap_r  -Wl,--as-needed -Wl,-z -Wl,relro -Wl,-z -Wl,now   -Wl,-soname 
-Wl,mod_vhost_ldap.so -o .libs/mod_vhost_ldap.so
/usr/bin/ld: cannot find -lpcre2-8: No such file or directory
collect2: error: ld returned 1 exit status
apxs:Error: Command failed with rc=65536
.
make[1]: *** [Makefile:22: mod_vhost_ldap.o] Error 1

apache2_2.4.53-1_sourceonly.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 14 Mar 2022 17:10:39 +0100
Source: apache2
Architecture: source
Version: 2.4.53-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.53-1) unstable; urgency=medium
 .
   * New upstream version 2.4.53 (Closes: CVE-2022-22719,
 CVE-2022-22720, CVE-2022-22721, CVE-2022-23943)
   * Update copyright
   * Patches:
 + Drop fix-2.4.52-regression.patch, now included in upstream
 + Refresh fhs_compliance.patch
 + Update and disable child_processes_fail_to_start.patch
   * Update test framework
   * Back to unstable
Checksums-Sha1: 
 d8d45d9bcd26b6fcaa675151bcb6180261f6f370 3488 apache2_2.4.53-1.dsc
 e4c6fddc48fd4494fc463d2a00577c7ce719aaab 9726558 apache2_2.4.53.orig.tar.gz
 eca575090672dedac90c2ddfdba67d3bb6aac48b 874 apache2_2.4.53.orig.tar.gz.asc
 54084bbc2a9dcd99715217f378a8c3aa39f7c798 899280 apache2_2.4.53-1.debian.tar.xz
Checksums-Sha256: 
 26d817b49a9e45ec2572241c17e46f409ff581aae2e973c4c3b643af6380a176 3488 
apache2_2.4.53-1.dsc
 7a045e8e653aaf931f9667f3a7e1943bd81306bf908f316465f737a854d10c16 9726558 
apache2_2.4.53.orig.tar.gz
 505579638b9b267dcb6808efe0965358cd457f5a28f6f42e079438eb7d9e4d6b 874 
apache2_2.4.53.orig.tar.gz.asc
 fdc154824bc8c42828d5295ea2f8811d5c744793380fcb0943319d331f112d27 899280 
apache2_2.4.53-1.debian.tar.xz
Files: 
 c313066a67bde5cd6c93c38f4d6b0bd1 3488 httpd optional apache2_2.4.53-1.dsc
 fbc10dfafdf8da2bdf8fc1c2a2e4e133 9726558 httpd optional 
apache2_2.4.53.orig.tar.gz
 e79ff39b546d1854df3ace910df64edf 874 httpd optional 
apache2_2.4.53.orig.tar.gz.asc
 de6bc3becb3b87eed4e254be84d7d69a 899280 httpd optional 
apache2_2.4.53-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmIva4IACgkQ9tdMp8mZ
7uljqRAAjmGSq4ZotGwJNPXxI9PP+720/NeNFYufhILhE7xV/k2CbbLrPnVd2bJh
bIKyh5tHOR+0UZut8nvKrmR2LJ7XlgDhQZyEPmrjPcDPS4/Cf4g4ahjdoxp71pTS
qpS9PGFFC/jJirPlexWW7yeiya33u86yyWuHzEiv/TYG8f9LF6IebWLxTc6DbPMd
fax79uNSAidh+3ZV+8sXJfbXtL+1SJrukYW+bs2Y5kb/9JukZKds0CJlVoFpfxm6
NoEJ14mNzz2jj8eLfEg8comeF5VHVwGgEBv9MwRq2ILNNTw2lgJJkhONlgoudPCK
IdW5wAJGgBbsQOYBGj4ADnoReYImPCcyvPclQBuZkt7g8I4VpaVllPCflcUmEi6s
5OXeaTTofYg7p1mQnLJZZCIaXrvPb+eRQRoXbZV2ZfUWeyvK1WC0htwSAQDzuCA0
uR1Zr0iMGbkVX7RNrIeLOuqLKz5VFt4jXYT3SXAChNDT19Huf7X4mF3tCf3J2X1r
Y/SLnh6vAr9d7cgXYoEJKILaYhaT/7skMinf2V7eFARDMuD85aqXQH8GkmJ1KYHi
HNf3khZ3FD/rgyCp9hwjpyKKmWlCDvBF3XXSK+M+MPHhHM9/VdrXr5J2D4v70g3G
e3N8FffU23x3Z793j3m3hs7sCK0oo9e9KSSvIZoX3FZ7T4ErqvQ=
=AX/O
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of apache2_2.4.53-1_sourceonly.changes

[Debian FTP Masters]

apache2_2.4.53-1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.53-1.dsc
  apache2_2.4.53.orig.tar.gz
  apache2_2.4.53.orig.tar.gz.asc
  apache2_2.4.53-1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Servicio de la flota

[Miguel Rodríguez García]

Buenos días:

Le escribo para hablarle sobre una de las mejores herramientas GPS en el 
mercado.

La herramienta, que me gustaría presentarle brevemente, dispone de muchas 
funciones útiles para su trabajo, que optimizan los procesos de transporte y le 
ayudan a realizar tareas de campo de manera más eficiente.

¿Quiere conocer los detalles?


Atentamente,
Miguel Rodríguez García

Bug#1006865: apr-util: reproducible-builds: build path embedded in /usr/bin/apu-1-config

[Vagrant Cascadian]

Source: apr-util
Severity: normal
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org

The build path is embedded in /usr/bin/apu-1-config:

│ │ │ ├── ./usr/bin/apu-1-config
...
│ │ │ │ -APU_SOURCE_DIR="/tmp/reprotest.jdjFQN/const_build_path"
│ │ │ │ -APU_BUILD_DIR="/tmp/reprotest.jdjFQN/const_build_path/debian/build"
│ │ │ │ +APU_SOURCE_DIR="/tmp/reprotest.jdjFQN/build-experiment-1"
│ │ │ │ +APU_BUILD_DIR="/tmp/reprotest.jdjFQN/build-experiment-1/debian/build"

The attached patch fixes this by replacing the build path with
"BUILDPATH" from debian/rules in the dh_auto_install override.


With this patch applied apr-util should build reproducibly on
tests.reproducible-builds.org!


Thanks for maintaining apr-util!


live well,
  vagrant
From b9630fd99bc03933dae86606a5dd94429ebf9aa1 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian 
Date: Mon, 7 Mar 2022 01:23:37 +
Subject: [PATCH] debian/rules: Remove the build path from apt-1-config.

https://reproducible-builds.org/docs/build-path/
---
 debian/rules | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debian/rules b/debian/rules
index 6b0ed29..510610c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -105,6 +105,8 @@ endif
 override_dh_auto_install:
 	dh_auto_install --destdir=debian/tmp
 	perl -p -i -e "s,^dependency_libs=.*,dependency_libs=''," debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libaprutil-1.la
+	# Remove the buildpath: https://reproducible-builds.org/docs/build-path/
+	perl -p -i -e "s,$(CURDIR),BUILDPATH," debian/tmp/usr/bin/apu-1-config
 
 override_dh_strip:
 	dh_strip --dbgsym-migration='libaprutil1-dbg (<= 1.6.1-3)'
-- 
2.35.1



signature.asc
Description: PGP signature

Koszty instalacji fotowoltaicznej

[Arkadiusz Sokołowski]

Dzień dobry,

stworzyliśmy specjalną ofertę dla firm, na kompleksową obsługę inwestycji w 
fotowoltaikę.  

Specjalizujemy się w zakresie doboru, montażu i serwisie instalacji 
fotowoltaicznych, dysponujemy najnowocześniejszymi rozwiązania, które zapewnią 
Państwu oczekiwane rezultaty.

Możemy przygotować dla Państwa wstępną kalkulację i przeanalizować efekty 
możliwe do osiągnięcia.

Czy są Państwo otwarci na wstępną rozmowę w tym temacie?


Pozdrawiam
Arkadiusz Sokołowski

Consulta Foesco

[Grupo Foesco]

Buenos días



Desde FOESCO estamos realizando la presente consulta a todas las empresas 
españolas.

Querriamos saber si precisáis realizar formación bonificable para vuestros 
empleados este año?

Podemos mandaros la información correspondiente a la actual convocatoria, 
contactar con vosotros por teléfono para informaros o bien podéis indicarnos en 
que mes del año queréis realizar la formación.


Todos los cursos impartidos son 100% Bonificables con cargo al Crédito de 
Formación 2022.



Quedamos a la espera de vuestra respuesta.


Un cordial saludo.


Departamento de Formación Bonificable
FOESCO Formación Estatal Continua.
Empresa inscrita en el Registro de empresas de Formación.

www.foesco.com
Tel:  910 323 794

(Horario de 9h a 15h y de 17h a 20h de Lunes a Viernes)

FOESCO ofrece formación a empresas y trabajadores en activo a través de cursos 
bonificados por la Fundación Estatal para la Formación en el Empleo (antiguo 
FORCEM) que gestiona las acciones formativas de FORMACIÓN CONTINUA para 
trabajadores y se rige por la ley 30/2015 de 9 de Septiembre.

Antes de imprimir este e-mail piense bien si es necesario hacerlo. La 
información transmitida en este mensaje está dirigida solamente a las personas 
o entidades que figuran en el encabezamiento y contiene información 
confidencial, por lo que, si usted lo recibiera por error, por favor destrúyalo 
sin copiarlo, usarlo ni distribuirlo, comunicándolo inmediatamente al emisor 
del mensaje. De conformidad con lo dispuesto en el Reglamento Europeo del 
2016/679, del 27 de Abril de 2016, FOESCO le informa que los datos por usted 
suministrados serán tratados con las medidas de seguridad conformes a la 
normativa vigente que se requiere. Dichos datos serán empleados con fines de 
gestión. Para el ejercicio de sus derechos de transparencia, información, 
acceso, rectificación, supresión o derecho al olvido, limitación del 
tratamiento , portabilidad de datos y oposición de sus datos de carácter 
personal deberá dirigirse a la dirección del Responsable del tratamiento a C/ 
LAGUNA DEL MARQUESADO Nº10, 28021, MADRID, "PULSANDO AQUI" 
 y "ENVIAR".

Servicio de la flota

[Miguel Rodríguez García]

Buenos días:

Le escribo para hablarle sobre una de las mejores herramientas GPS en el 
mercado.

La herramienta, que me gustaría presentarle brevemente, dispone de muchas 
funciones útiles para su trabajo, que optimizan los procesos de transporte y le 
ayudan a realizar tareas de campo de manera más eficiente.

¿Quiere conocer los detalles?


Atentamente,
Miguel Rodríguez García

Info Foesco

[Grupo Foesco]

Buenos días



Soy Alex Pons, director de FOESCO (Formación Estatal Continua).


Nos dirigimos a vuestra empresa para saber si precisáis realizar formación 
bonificable para vuestros empleados este año?

En caso de precisarla, podemos mandaros la información correspondiente a la 
actual convocatoria, contactar con vosotros por teléfono para comentarlo o bien 
podéis indicarnos en que mes del año queréis realizar la formación.


Recordamos que todos los cursos impartidos son 100% Bonificables con cargo al 
Crédito de Formación 2022.



Quedamos a la espera de vuestra respuesta.


Un cordial saludo.


Departamento de Formación Bonificable
FOESCO Formación Estatal Continua.
Empresa inscrita en el Registro de empresas de Formación.

www.foesco.com
e-mail: cur...@foesco.net
Tel:  910 323 794

(Horario de 9h a 15h y de 17h a 20h de Lunes a Viernes)

FOESCO ofrece formación a empresas y trabajadores en activo a través de cursos 
bonificados por la Fundación Estatal para la Formación en el Empleo (antiguo 
FORCEM) que gestiona las acciones formativas de FORMACIÓN CONTINUA para 
trabajadores y se rige por la ley 30/2015 de 9 de Septiembre.

Antes de imprimir este e-mail piense bien si es necesario hacerlo. La 
información transmitida en este mensaje está dirigida solamente a las personas 
o entidades que figuran en el encabezamiento y contiene información 
confidencial, por lo que, si usted lo recibiera por error, por favor destrúyalo 
sin copiarlo, usarlo ni distribuirlo, comunicándolo inmediatamente al emisor 
del mensaje. De conformidad con lo dispuesto en el Reglamento Europeo del 
2016/679, del 27 de Abril de 2016, FOESCO le informa que los datos por usted 
suministrados serán tratados con las medidas de seguridad conformes a la 
normativa vigente que se requiere. Dichos datos serán empleados con fines de 
gestión. Para el ejercicio de sus derechos de transparencia, información, 
acceso, rectificación, supresión o derecho al olvido, limitación del 
tratamiento , portabilidad de datos y oposición de sus datos de carácter 
personal deberá dirigirse a la dirección del Responsable del tratamiento a C/ 
LAGUNA DEL MARQUESADO Nº10, 28021, MADRID, "PULSANDO AQUI" 
 y "ENVIAR".

apache2_2.4.52-1~bpo10+1_sourceonly.changes ACCEPTED into buster-backports->backports-policy, buster-backports

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 08 Feb 2022 06:32:10 +0100
Source: apache2
Architecture: source
Version: 2.4.52-1~bpo10+1
Distribution: buster-backports
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.52-1~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
Checksums-Sha1: 
 ac7276d05bc345028eb5ee9e63ec3a87b4610b34 3506 apache2_2.4.52-1~bpo10+1.dsc
 fae17e9a47be44b41c3c095bb27102e1fae4f7a1 888016 
apache2_2.4.52-1~bpo10+1.debian.tar.xz
Checksums-Sha256: 
 a241ecb5150437dc72afcc3bd4b1ef93f3d2cc53772c70142be6afacf1a9e8a5 3506 
apache2_2.4.52-1~bpo10+1.dsc
 0b43fed4ad9f79b7e2793cb909fffcff0db7422ba1dab50a274c70ee1bbbfd22 888016 
apache2_2.4.52-1~bpo10+1.debian.tar.xz
Files: 
 3da8332d288d58c4afc24e936ce94335 3506 httpd optional 
apache2_2.4.52-1~bpo10+1.dsc
 44ef970d46004db3192ebeaf2327fb3c 888016 httpd optional 
apache2_2.4.52-1~bpo10+1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmICA18ACgkQ9tdMp8mZ
7un+bxAAlir4T72ZG9uUCJF1JqLJpbwFtzuAK1QKqzy0ehtZDi18SiW0kkc73ZDS
aRcKm3Xlh6Aaimvvde5lQUzuTykLiF0ynx/gBjPH2PK3K+b6m+uMgi5SLGueg6EN
folDSRD1LpAQH9Ize7HwdSX5GtnwiaCFuudYKmBMfdxmNG/f/tCbVv5gJSo9Mxsv
Wl9cvlDz0ryaGRefM6oRMip0k+qP34goGqS17uw6RfhixgEB6RYsiU5upbbo3wSV
jDLHl2B6EiSDLsYCld2FNgNSSCY8ZhV5Y28gkGvN8AIrQJdvtSJr2ixCTqP3zumQ
iw1orHC7Ii85cFIemrM+WtswqSDSNYYbTT3uZ15cpMaTC0rjmkOpjjp/7NyKh4HJ
E+a+N6r6duArFUqEB4zT+cb7jQBFwHy45JRB8SDiIeSUTa0BjuGN/rFSA5+e/xGg
qTpXP3wVeYOTO8A0Jz1PB+7ZtVYZQWJiGrxALish56Nry/K8OiI/NTMNEh6cfBU/
eyD/p1qL7NVHy1J3Hqr5l43N8YsrioNx6nKorytM3b06n+4FgPtAl2QWp9aTKD+r
RGBCQek+bTNkUX2Am6XDzMDsVTBr32G/6jh654Ri+Tm89FGi9OCuveyp9MSobmfB
CVq7ed5qD88eAGD2xe1cbKIrGunWYxPmDCs9KrmAn7KzjDU0tok=
=4SRt
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

apache2_2.4.52-1~bpo10+1_sourceonly.changes ACCEPTED into buster-backports->backports-policy

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 08 Feb 2022 06:32:10 +0100
Source: apache2
Architecture: source
Version: 2.4.52-1~bpo10+1
Distribution: buster-backports
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.52-1~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
Checksums-Sha1: 
 ac7276d05bc345028eb5ee9e63ec3a87b4610b34 3506 apache2_2.4.52-1~bpo10+1.dsc
 fae17e9a47be44b41c3c095bb27102e1fae4f7a1 888016 
apache2_2.4.52-1~bpo10+1.debian.tar.xz
Checksums-Sha256: 
 a241ecb5150437dc72afcc3bd4b1ef93f3d2cc53772c70142be6afacf1a9e8a5 3506 
apache2_2.4.52-1~bpo10+1.dsc
 0b43fed4ad9f79b7e2793cb909fffcff0db7422ba1dab50a274c70ee1bbbfd22 888016 
apache2_2.4.52-1~bpo10+1.debian.tar.xz
Files: 
 3da8332d288d58c4afc24e936ce94335 3506 httpd optional 
apache2_2.4.52-1~bpo10+1.dsc
 44ef970d46004db3192ebeaf2327fb3c 888016 httpd optional 
apache2_2.4.52-1~bpo10+1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmICA18ACgkQ9tdMp8mZ
7un+bxAAlir4T72ZG9uUCJF1JqLJpbwFtzuAK1QKqzy0ehtZDi18SiW0kkc73ZDS
aRcKm3Xlh6Aaimvvde5lQUzuTykLiF0ynx/gBjPH2PK3K+b6m+uMgi5SLGueg6EN
folDSRD1LpAQH9Ize7HwdSX5GtnwiaCFuudYKmBMfdxmNG/f/tCbVv5gJSo9Mxsv
Wl9cvlDz0ryaGRefM6oRMip0k+qP34goGqS17uw6RfhixgEB6RYsiU5upbbo3wSV
jDLHl2B6EiSDLsYCld2FNgNSSCY8ZhV5Y28gkGvN8AIrQJdvtSJr2ixCTqP3zumQ
iw1orHC7Ii85cFIemrM+WtswqSDSNYYbTT3uZ15cpMaTC0rjmkOpjjp/7NyKh4HJ
E+a+N6r6duArFUqEB4zT+cb7jQBFwHy45JRB8SDiIeSUTa0BjuGN/rFSA5+e/xGg
qTpXP3wVeYOTO8A0Jz1PB+7ZtVYZQWJiGrxALish56Nry/K8OiI/NTMNEh6cfBU/
eyD/p1qL7NVHy1J3Hqr5l43N8YsrioNx6nKorytM3b06n+4FgPtAl2QWp9aTKD+r
RGBCQek+bTNkUX2Am6XDzMDsVTBr32G/6jh654Ri+Tm89FGi9OCuveyp9MSobmfB
CVq7ed5qD88eAGD2xe1cbKIrGunWYxPmDCs9KrmAn7KzjDU0tok=
=4SRt
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of apache2_2.4.52-1~bpo10+1_sourceonly.changes

[Debian FTP Masters]

apache2_2.4.52-1~bpo10+1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.52-1~bpo10+1.dsc
  apache2_2.4.52-1~bpo10+1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Información SERYS

[=??Q?Serys_energ=EDa_?=]

Buenos días



Desde SERYS ENERGIA estamos informando a todas las empresas, particulares y 
entidades públicas acerca del servicio de autoconsumo eléctrico mediante la 
instalación totalmente financiada de placas solares fotovoltaicas.


Por este motivo rogamos podáis respondernos indicando una de la siguientes 
respuestas:


1 - Precisamos recibir presupuesto personalizado y sin compromiso (Indicar por 
favor nombre y teléfono de contacto).

2 - No precisamos recibir información, disponemos ya de una instalación 
fotovoltaica.

3 - No precisamos recibir información, no nos interesa cambiar a autoconsumo.


Gracias por vuestra colaboración y quedamos a la espera de respuesta.


Saludos cordiales.


Departamento de autoconsumo y renovables
SERYS CONSULTING ESPAÑA
Tel. 604213428

www.serys-energia.com

Antes de imprimir este e-mail piense bien si es necesario hacerlo. De 
conformidad con lo dispuesto en el Reglamento Europeo del 2016/679, del 27 de 
Abril de 2016 le informamos que la información transmitida en este mensaje está 
dirigida solamente a las personas o entidades que figuran en el encabezamiento 
y contiene información confidencial, por lo que, si usted lo recibiera por 
error, por favor destrúyalo sin copiarlo, usarlo ni distribuirlo, comunicándolo 
inmediatamente al emisor del mensaje. 

Puede solicitar BAJA en el envío de correos electrónicos "PULSANDO AQUI" 
 y "ENVIAR".

Koszty instalacji fotowoltaicznej

[Arkadiusz Sokołowski]

Dzień dobry,

stworzyliśmy specjalną ofertę dla firm, na kompleksową obsługę inwestycji w 
fotowoltaikę.  

Specjalizujemy się w zakresie doboru, montażu i serwisie instalacji 
fotowoltaicznych, dysponujemy najnowocześniejszymi rozwiązania, które zapewnią 
Państwu oczekiwane rezultaty.

Możemy przygotować dla Państwa wstępną kalkulację i przeanalizować efekty 
możliwe do osiągnięcia.

Czy są Państwo otwarci na wstępną rozmowę w tym temacie?


Pozdrawiam
Arkadiusz Sokołowski

Ruch z pierwszej pozycji w Google

[Wiktor Zielonko]

Dzień dobry, 

jakiś czas temu zgłosiła się do nas firma, której strona internetowa nie 
pozycjonowała się wysoko w wyszukiwarce Google. 

Na podstawie wykonanego przez nas audytu SEO zoptymalizowaliśmy treści na 
stronie pod kątem wcześniej opracowanych słów kluczowych. Nasz wewnętrzny 
system codziennie analizuje prawidłowe działanie witryny.  Dzięki indywidualnej 
strategii, firma zdobywa coraz więcej Klientów.  

Czy chcieliby Państwo zwiększyć liczbę osób odwiedzających stronę internetową 
firmy? Mógłbym przedstawić ofertę? 


Pozdrawiam serdecznie,
Wiktor Zielonko

Bug#987156: Acknowledgement (mod_ssl depends on mod_setenvif while it does not)

[MichaIng]

Huh, what spam bot made it in here?

However,

@Stefan as I see MS Internet Explorer support being dropped by more and 
more projects, do you agree to have the MSIE [2-6] comment blocks simply 
removed, together with the mod_setenvif dependency? If so, let me know 
and I can send a merge request, in case the repo link in my last post is 
okay.


Best regards,

Micha

Bug#1004275: php upgrade apache2: After upgrade php install apache2 and i have intalled lighttpd

[After apt upgrade thet php update install apache2 but it's installed lighttpd]

Package: php apache2
Severity: important
X-Debbugs-Cc: eumesmame...@riseup.net

Dear Maintainer,

After apt update & upgrade a new php update appear but the upgrade also 
installed apache2. 
I am running lighttpd server and apache2 it's not neccesary on my system.
I think in some circunstances this could be a problem.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: armhf (armv7l)

Kernel: Linux 5.15.0-2-armmp (SMP w/1 CPU thread)
Kernel taint flags: TAINT_CRAP, TAINT_UNSIGNED_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin  2.4.52-1
ii  apache2-data 2.4.52-1
ii  apache2-utils2.4.52-1
ii  init-system-helpers  1.61
ii  lsb-base 11.1.0
ii  mime-support 3.66
ii  perl 5.32.1-6
ii  procps   2:3.3.17-6

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  links [www-browser]  2.25-1
ii  lynx [www-browser]   2.9.0dev.10-1

Bug#1004086: apache2-bin: mod_ssl ignores SSLOpenSSLConfCmd DHParameters

[craft-haiku-1...@t-online.de]

Package: apache2-bin
Version: 2.4.52-1~deb11u2
Severity: normal

Dear Maintainer,

I use a 4096-bit RSA certificate and corresponding 4096-bit DH parameters 
generated with

openssl dhparam -outform pem -out /etc/apache2/ssl/dhparam4k.pem 4096

I configured these parameters in Apache with

SSLOpenSSLConfCmd DHParameters /etc/apache2/ssl/dhparam4k.pem

Since the upgrade to Bullseye, these parameters seem to be ignored:
sslscan and ssllabs show that my DHE parameters are only 3072 bits.

When I test the same configuration on a Buster machine the correct 4096 bits 
are shown.


-- Package-specific info:

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.utf8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages apache2-bin depends on:
ii  libapr1  1.7.0-6+deb11u1
ii  libaprutil1  1.6.1-5
ii  libaprutil1-dbd-sqlite3  1.6.1-5
ii  libaprutil1-ldap 1.6.1-5
ii  libbrotli1   1.0.9-2+b2
ii  libc62.31-13+deb11u2
ii  libcrypt11:4.4.18-4
ii  libcurl4 7.74.0-1.3+deb11u1
ii  libjansson4  2.13.1-1.1
ii  libldap-2.4-22.4.57+dfsg-3
ii  liblua5.3-0  5.3.3-1.1+b1
ii  libnghttp2-141.43.0-1
ii  libpcre3 2:8.39-13
ii  libssl1.11.1.1k-1+deb11u1
ii  libxml2  2.9.10+dfsg-6.7
ii  perl 5.32.1-4+deb11u2
ii  zlib1g   1:1.2.11.dfsg-2

apache2-bin recommends no packages.

Versions of packages apache2-bin suggests:
pn  apache2-doc
ii  apache2-suexec-custom  2.4.52-1~deb11u2
pn  www-browser

Versions of packages apache2 depends on:
ii  apache2-data 2.4.52-1~deb11u2
ii  apache2-utils2.4.52-1~deb11u2
ii  dpkg 1.20.9
ii  init-system-helpers  1.60
ii  lsb-base 11.1.0
ii  mime-support 3.66
ii  perl 5.32.1-4+deb11u2
ii  procps   2:3.3.17-5

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1

Versions of packages apache2 suggests:
pn  apache2-doc
ii  apache2-suexec-custom  2.4.52-1~deb11u2
pn  www-browser

Versions of packages apache2-bin is related to:
ii  apache2  2.4.52-1~deb11u2
ii  apache2-bin  2.4.52-1~deb11u2

-- no debconf information


Processed: fixed 663530 in 2.4.2-2, found 663530 in 2.2.22-4, notfound 876636 in 2.4.27-6

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 663530 2.4.2-2
Bug #663530 {Done: Vincent Lefevre } [apache2-bin] 
apache2.2-common: Spurious warning "NameVirtualHost *:80 has no VirtualHosts" 
in cron/logrotate output
Marked as fixed in versions apache2/2.4.2-2.
> found 663530 2.2.22-4
Bug #663530 {Done: Vincent Lefevre } [apache2-bin] 
apache2.2-common: Spurious warning "NameVirtualHost *:80 has no VirtualHosts" 
in cron/logrotate output
There is no source info for the package 'apache2-bin' at version '2.2.22-4' 
with architecture ''
Unable to make a source version for version '2.2.22-4'
Marked as found in versions 2.2.22-4.
> notfound 876636 2.4.27-6
Bug #876636 {Done: Christian Göttsche } [apache2] 
apache2: insserv noise
No longer marked as found in versions apache2/2.4.27-6.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
663530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663530
876636: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876636
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Servicio de la flota

[Miguel Rodríguez García]

Buenos días:

Le escribo para hablarle sobre una de las mejores herramientas GPS en el 
mercado.

La herramienta, que me gustaría presentarle brevemente, dispone de muchas 
funciones útiles para su trabajo, que optimizan los procesos de transporte y le 
ayudan a realizar tareas de campo de manera más eficiente.

¿Quiere conocer los detalles?


Atentamente,
Miguel Rodríguez García

Słowa kluczowe do wypozycjonowania

[Mikołaj Rudzik]

Dzień dobry,

zapoznałem się z Państwa ofertą i z przyjemnością przyznaję, że przyciąga uwagę 
i zachęca do dalszych rozmów. 

Pomyślałem, że może mógłbym mieć swój wkład w Państwa rozwój i pomóc dotrzeć z 
tą ofertą do większego grona odbiorców. Pozycjonuję strony www, dzięki czemu 
generują świetny ruch w sieci.

Możemy porozmawiać w najbliższym czasie?


Pozdrawiam
Mikołaj Rudzik

apache2_2.4.52-1~deb11u2_sourceonly.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 03 Jan 2022 22:27:14 +0100
Source: apache2
Architecture: source
Version: 2.4.52-1~deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.52-1~deb11u2) bullseye-security; urgency=medium
 .
   * Fix 2.4.52 regression
Checksums-Sha1: 
 2c8ebd77829045888a633127457dfdc6f3f05c4a 3539 apache2_2.4.52-1~deb11u2.dsc
 8ef67ae224f617edb7f28e4ad95963bb880ef994 887432 
apache2_2.4.52-1~deb11u2.debian.tar.xz
Checksums-Sha256: 
 a8482b83763069c24db896d5cd5c8e46d7eed9d5853f600161ef7b6668e624ed 3539 
apache2_2.4.52-1~deb11u2.dsc
 ce9977656ac2a56300a92f1978217232ab152212241c78072bbb754e251c5cfc 887432 
apache2_2.4.52-1~deb11u2.debian.tar.xz
Files: 
 db2958f55460cf1dc7946a55174e9b1c 3539 httpd optional 
apache2_2.4.52-1~deb11u2.dsc
 6098afff7fc5819f4f135ad7007ab202 887432 httpd optional 
apache2_2.4.52-1~deb11u2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmHT3c0ACgkQ9tdMp8mZ
7unfcQ/+L8f7M5QEboYBxrHrSGezvhGkCy1NHRxTQxqDM1S+GtsJRqQNqHBEJ6qA
i/h9gFa88UgE9Zy+xyzt2df96fNZZf7ZFFZwkGQoLUJJ80ecl0cao6fWqvurV5t1
xem7rpgai+NuvW8JX8mDibRtyP8SzyOebuv/ZXpxrdc9UGGts9rqzHVawdV46f3j
tLAkazTHAvoljrYRS3119a44Yagf3AnBoIfpCDvQ7rq/iqOmp5AWhaMA5XxdaKzI
lNzi/y0rXMMyjhFmlDBFj3k8IZFjqvjJuYKnxc/vrN9QwO8GxJ1/8xj0jF63i/i9
lPtCrXFXEx+BnyV/b9pxLJOmWb+yMJEgr+WuTU4x3TpO5EAArr//FGBiiscbdQUh
6zWG5Un7RWM7hqYvov8196BmhweTVbHq6jbwSSTlVm4OS6wH0SCip82od2CnkAiK
5o9klSuzz1k19GlL3KV4jksrQbtzHe6f4iqayrL3FSuDbRS20+084rwGqourQqaH
FWk2323anMZsdLfk+HbGFr8+vpdm+llMPGQnJ3n7toatQL+OKXPzyM01yzw+EKTW
AOdWxfr9Vk9+gZa9aO9+33FeVYfLMRDqMHTQgB80pHL9/lofi0KK3qiyw5TUdEqK
I2yQNUotE0l1wGRv7JHuxCbjoN+bCeE1Sf1ggqzuTMdU0HY/l6A=
=pdlw
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

apache2_2.4.52-1~deb11u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 20 Dec 2021 18:15:18 +0100
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev 
apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym 
apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils 
apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.52-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Description:
 apache2- Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for 
mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for 
mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Changes:
 apache2 (2.4.52-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 2.4.52 (Closes: CVE-2021-44224, CVE-2021-44790)
   * Refresh patches
Checksums-Sha1:
 b45978fe8ed1cde5fee2d4ec95fbe6ae7b9a96b1 3539 apache2_2.4.52-1~deb11u1.dsc
 f616eac56f9d48f8b5c1e124267ee392cdc1ac5c 9719976 apache2_2.4.52.orig.tar.gz
 e6438aedf2e081e12482b59763275eeebd150514 874 apache2_2.4.52.orig.tar.gz.asc
 e6851f888f234d9fd37f82cd5b43e41a941bf5ee 886288 
apache2_2.4.52-1~deb11u1.debian.tar.xz
 2d28ac9bb6de6a8240a77259eb3662374ccfd39f 3269596 
apache2-bin-dbgsym_2.4.52-1~deb11u1_amd64.deb
 b1741c5a1fd8e7e0bae58b1fe874d94b7f2fd21d 1412300 
apache2-bin_2.4.52-1~deb11u1_amd64.deb
 a310ebb63f1429c1ed7756ac15e3e46b5529590f 160084 
apache2-data_2.4.52-1~deb11u1_all.deb
 8fb735d9ffa4081d702ebb515963f598a03aa307 359496 
apache2-dev_2.4.52-1~deb11u1_amd64.deb
 ed320115868fdaa3119ef03384242bdb460f04c1 4057360 
apache2-doc_2.4.52-1~deb11u1_all.deb
 872f2b99a349dd5b453ec1a5620debc84311de95 3124 
apache2-ssl-dev_2.4.52-1~deb11u1_amd64.deb
 d31f6652bf6136bc130a30295f88ec13309c35b0 12352 
apache2-suexec-custom-dbgsym_2.4.52-1~deb11u1_amd64.deb
 40450f23d6b90069151a0f5c337248743d6358b3 191872 
apache2-suexec-custom_2.4.52-1~deb11u1_amd64.deb
 016020f0aa8b266384ddea005937cb2a43f4b267 11140 
apache2-suexec-pristine-dbgsym_2.4.52-1~deb11u1_amd64.deb
 bcac572f9bab8cd4e383f7a72c3822e24f4bb821 190300 
apache2-suexec-pristine_2.4.52-1~deb11u1_amd64.deb
 c30d5e021e3ac2d30edd543eb913e6250823d7fb 114568 
apache2-utils-dbgsym_2.4.52-1~deb11u1_amd64.deb
 74b9d0706980dc0320f3eed3b1741868c9944b02 257380 
apache2-utils_2.4.52-1~deb11u1_amd64.deb
 5c8731c3f1ddc2b505a3127a375dd33240ba093c 12260 
apache2_2.4.52-1~deb11u1_amd64.buildinfo
 92f09f4e32aacef7bcfae570501e5e8e50bd5203 271928 
apache2_2.4.52-1~deb11u1_amd64.deb
 2b4b32961efca42770d7ba6dbb5eab7047c80853 956 
libapache2-mod-md_2.4.52-1~deb11u1_amd64.deb
 cc71235e2cb6e622a985aa860bd5f205ee8f0101 1132 
libapache2-mod-proxy-uwsgi_2.4.52-1~deb11u1_amd64.deb
Checksums-Sha256:
 c966f720b16777494d90aa2c93cc9d89f986cc4958665fcf58e2ad6d9bf1d6f5 3539 
apache2_2.4.52-1~deb11u1.dsc
 296c74a8adde1a8acd6617b21fc3d19719ff4fa39319b2bdbd898aca4d5df97f 9719976 
apache2_2.4.52.orig.tar.gz
 37839294ab44fcbdcb54d64bb0c7f27f7534d8e03947697ee6fc702002678c5f 874 
apache2_2.4.52.orig.tar.gz.asc
 b96db82d65d0f7cba11a304d112a43a7354bae7cfe30a408bdd8d1cc675c26ce 886288 
apache2_2.4.52-1~deb11u1.debian.tar.xz
 e5a5072916abe6c2b2e874345e0f43171b319f08868f41fffb8ff55234a6c848 3269596 
apache2-bin-dbgsym_2.4.52-1~deb11u1_amd64.deb
 2b47a2d023b2e0f304ba335ed97a1e61352420fdd18f37d3fee3a49ae1b9c3ef 1412300 
apache2-bin_2.4.52-1~deb11u1_amd64.deb
 0aac8b36532475183ef9b6e48594325091e2c2e772602ddd2b6c079ead978c61 160084 
apache2-data_2.4.52-1~deb11u1_all.deb
 daa1b323d9120d40b3ab237d6fd386c62d2a1b24e13db9f030ab003b4a2d9d62 359496 
apache2-dev_2.4.52-1~deb11u1_amd64.deb
 2171983569f026d43c7fa37ad6cd9109e805b887dc37e2b01a6d36e0c4b13578 4057360 
apache2-doc_2.4.52-1~deb11u1_all.deb
 fbfb2883e41cb58c2a2b7b00494d1c59844ed34b91da45ec3af093a67a153a34 3124 
apache2-ssl-dev_2.4.52-1~deb11u1_amd64.deb
 5a9e4d74694b4d45aa9690c29cbe2a704d63d596ab1a1da50dda0210f10d1afe 12352 
apache2-suexec-custom-dbgsym_2.4.52-1~deb11u1_amd64.deb
 3b7df88ccef6c7d75b7edec227fbfa77414d58b6e4d9c219907b1f7f48514f60 191872 
apache2-suexec-custom_2.4.52-1~deb11u1_amd64.deb
 091c964b155927f07cda9b49d16ba2b4112293e2698fab9ae4f94c4f20ddd405 11140 
apache2-suexec-pristine-dbgsym_2.4.52-1~deb11u1_amd64.deb
 bd2d9ffdbde703ab235f26b2331b1fb899cf918ca2b4dbfd4c03df6388f2c602 190300 
apache2-suexec-pristine_2.4.52-1~deb11u1_amd64.deb
 7dd36d1fcc021e023a6d4bb4adb3a404b24a9f4556a63e95a806223eb6badee2 114568 

Foesco

[FOESCO]

Buenos días



Soy Alex Pons, director de FOESCO (Formación Estatal Continua).


Os informamos que ya se encuentra abierto el plazo de inscripción para la 
primera convocatoria 2022 de Formación Bonificable para empleados.

Todos los cursos impartidos son 100% Bonificables con cargo al Crédito de 
Formación 2022.


Deseáis que os mandemos el listado de cursos disponibles?


Quedamos a la espera de vuestra respuesta.


Un cordial saludo.


Alex Pons
Director FOESCO

Equipo FOESCO (Formación Estatal Continua).
Entidad Organizadora: B200592AA
Tel: 910 323 794
(Horario de 9h a 15h y de 17h a 20h de Lunes a Viernes)

FOESCO ofrece formación a empresas y trabajadores en activo a través de cursos 
bonificados por la Fundación Estatal para la Formación en el Empleo (antiguo 
FORCEM) que gestiona las acciones formativas de FORMACIÓN CONTINUA para 
trabajadores y se rige por la ley 30/2015 de 9 de Septiembre.

Antes de imprimir este e-mail piense bien si es necesario hacerlo. La 
información transmitida en este mensaje está dirigida solamente a las personas 
o entidades que figuran en el encabezamiento y contiene información 
confidencial, por lo que, si usted lo recibiera por error, por favor destrúyalo 
sin copiarlo, usarlo ni distribuirlo, comunicándolo inmediatamente al emisor 
del mensaje. De conformidad con lo dispuesto en el Reglamento Europeo del 
2016/679, del 27 de Abril de 2016, FOESCO le informa que los datos por usted 
suministrados serán tratados con las medidas de seguridad conformes a la 
normativa vigente que se requiere. Dichos datos serán empleados con fines de 
gestión. Para el ejercicio de sus derechos de transparencia, información, 
acceso, rectificación, supresión o derecho al olvido, limitación del 
tratamiento , portabilidad de datos y oposición de sus datos de carácter 
personal deberá dirigirse a la dirección del Responsable del tratamiento a C/ 
LAGUNA DEL MARQUESADO Nº10, 28021, MADRID, "PULSANDO AQUI" 
 y "ENVIAR".