** Description changed:
- Scheduled-For: 23.01
Upstream: 2.4.51
- Debian: 2.4.51-1
+ Debian: 2.4.51-1
Ubuntu: 2.4.48-3.1ubuntu3
-
Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.
-
### New Debian Changes ###
apache2 (2.4.51-1) unstable; urgency=medium
- * New upstream version 2.4.51 (Closes: CVE-2021-41773, CVE-2021-42013)
- * Fix apache2ctl (see https://github.com/oerdnj/deb.sury.org/issues/1659)
+ * New upstream version 2.4.51 (Closes: CVE-2021-41773, CVE-2021-42013)
+ * Fix apache2ctl (see https://github.com/oerdnj/deb.sury.org/issues/1659)
- -- Yadd <y...@debian.org> Thu, 07 Oct 2021 20:35:33 +0200
+ -- Yadd <y...@debian.org> Thu, 07 Oct 2021 20:35:33 +0200
apache2 (2.4.50-1) unstable; urgency=high
- * New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524)
- * Remove patches already merged upstream
+ * New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524)
+ * Remove patches already merged upstream
- -- Ondřej Surý <ond...@debian.org> Tue, 05 Oct 2021 13:25:23 +0200
+ -- Ondřej Surý <ond...@debian.org> Tue, 05 Oct 2021 13:25:23 +0200
apache2 (2.4.49-4) unstable; urgency=medium
- [ Ondřej Surý ]
- * Add upstream patch to fix crash in 2.4.49
+ [ Ondřej Surý ]
+ * Add upstream patch to fix crash in 2.4.49
- -- Yadd <y...@debian.org> Fri, 01 Oct 2021 11:34:24 +0200
+ -- Yadd <y...@debian.org> Fri, 01 Oct 2021 11:34:24 +0200
apache2 (2.4.49-3) unstable; urgency=medium
- [ Yadd ]
- * Re-export upstream signing key without extra signatures.
- * Drop transition for old debug package migration.
+ [ Yadd ]
+ * Re-export upstream signing key without extra signatures.
+ * Drop transition for old debug package migration.
- [ Moritz Muehlenhoff ]
- * Fix CVE-2021-40438 regression
+ [ Moritz Muehlenhoff ]
+ * Fix CVE-2021-40438 regression
- -- Yadd <y...@debian.org> Thu, 30 Sep 2021 06:00:06 +0200
+ -- Yadd <y...@debian.org> Thu, 30 Sep 2021 06:00:06 +0200
apache2 (2.4.49-2) unstable; urgency=medium
- [ Michiel Hazelhof ]
- * Fix multi instance issue (Closes: #868861)
+ [ Michiel Hazelhof ]
+ * Fix multi instance issue (Closes: #868861)
- [ Philippe Ombredanne ]
- * Fix GPL version typo in copyright file
+ [ Philippe Ombredanne ]
+ * Fix GPL version typo in copyright file
- -- Yadd <y...@debian.org> Thu, 23 Sep 2021 13:55:55 +0200
+ -- Yadd <y...@debian.org> Thu, 23 Sep 2021 13:55:55 +0200
apache2 (2.4.49-1) unstable; urgency=medium
- * Update upstream GPG keys
- * New upstream version 2.4.49 (Closes: CVE-2021-34798, CVE-2021-36160,
- CVE-2021-39275, CVE-2021-40438)
- * Refresh patches
+ * Update upstream GPG keys
+ * New upstream version 2.4.49 (Closes: CVE-2021-34798, CVE-2021-36160,
+ CVE-2021-39275, CVE-2021-40438)
+ * Refresh patches
- -- Yadd <y...@debian.org> Thu, 16 Sep 2021 06:22:23 +0200
+ -- Yadd <y...@debian.org> Thu, 16 Sep 2021 06:22:23 +0200
apache2 (2.4.48-4) unstable; urgency=medium
- * Fix mod_proxy HTTP2 request line injection (Closes: CVE-2021-33193)
+ * Fix mod_proxy HTTP2 request line injection (Closes: CVE-2021-33193)
- -- Yadd <y...@debian.org> Thu, 12 Aug 2021 11:37:43 +0200
+ -- Yadd <y...@debian.org> Thu, 12 Aug 2021 11:37:43 +0200
apache2 (2.4.48-3.1) unstable; urgency=medium
- * Non-maintainer upload.
- * Direct init script reload output from logrotate to syslog, to
- avoid mail-spamming the local admin (Closes: #990580)
+ * Non-maintainer upload.
+ * Direct init script reload output from logrotate to syslog, to
+ avoid mail-spamming the local admin (Closes: #990580)
- -- Thorsten Glaser <t...@mirbsd.de> Sat, 10 Jul 2021 23:31:28 +0200
+ -- Thorsten Glaser <t...@mirbsd.de> Sat, 10 Jul 2021 23:31:28 +0200
apache2 (2.4.48-3) unstable; urgency=medium
- * Fix debian/changelog
+ * Fix debian/changelog
- -- Yadd <y...@debian.org> Sun, 20 Jun 2021 16:39:33 +0200
+ -- Yadd <y...@debian.org> Sun, 20 Jun 2021 16:39:33 +0200
apache2 (2.4.48-2) unstable; urgency=medium
- * Back to unstable: Apache2 will follow upstream changes for Bullseye
+ * Back to unstable: Apache2 will follow upstream changes for Bullseye
- [ Christian Ehrhardt ]
- * d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068)
+ [ Christian Ehrhardt ]
+ * d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068)
- -- Yadd <y...@debian.org> Sat, 19 Jun 2021 17:50:29 +0200
+ -- Yadd <y...@debian.org> Sat, 19 Jun 2021 17:50:29 +0200
apache2 (2.4.48-1) experimental; urgency=medium
- [ Daniel Lewart ]
- * Update apache2.logrotate (Closes: #979813)
+ [ Daniel Lewart ]
+ * Update apache2.logrotate (Closes: #979813)
- [ Andreas Hasenack ]
- * Avoid test suite failure (Closes: #985012)
+ [ Andreas Hasenack ]
+ * Avoid test suite failure (Closes: #985012)
- [ Yadd ]
- * Update lintian overrides
- * Re-export upstream signing key without extra signatures.
+ [ Yadd ]
+ * Update lintian overrides
+ * Re-export upstream signing key without extra signatures.
- [ Ondřej Surý ]
- * New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938,
- CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691,
- CVE-2021-30641, CVE-2021-31618)
+ [ Ondřej Surý ]
+ * New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938,
+ CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691,
+ CVE-2021-30641, CVE-2021-31618)
- -- Ondřej Surý <ond...@debian.org> Tue, 08 Jun 2021 08:29:35 +0200
+ -- Ondřej Surý <ond...@debian.org> Tue, 08 Jun 2021 08:29:35 +0200
apache2 (2.4.47-1) experimental; urgency=medium
-
### Old Ubuntu Delta ###
apache2 (2.4.48-3.1ubuntu3) impish; urgency=medium
- * SECURITY REGRESSION: Issues in UDS URIs (LP: #1945311)
- - debian/patches/CVE-2021-40438-2.patch: Fix UDS unix: scheme for P
- rules in modules/mappers/mod_rewrite.c.
- - debian/patches/CVE-2021-40438-3.patch: Handle UDS URIs with empty
- hostname in modules/mappers/mod_rewrite.c,
- modules/proxy/proxy_util.c.
+ * SECURITY REGRESSION: Issues in UDS URIs (LP: #1945311)
+ - debian/patches/CVE-2021-40438-2.patch: Fix UDS unix: scheme for P
+ rules in modules/mappers/mod_rewrite.c.
+ - debian/patches/CVE-2021-40438-3.patch: Handle UDS URIs with empty
+ hostname in modules/mappers/mod_rewrite.c,
+ modules/proxy/proxy_util.c.
- -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 28 Sep 2021
+ -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 28 Sep 2021
08:52:26 -0400
apache2 (2.4.48-3.1ubuntu2) impish; urgency=medium
- * SECURITY UPDATE: request splitting over HTTP/2
- - debian/patches/CVE-2021-33193.patch: refactor request parsing in
- include/ap_mmn.h, include/http_core.h, include/http_protocol.h,
- include/http_vhost.h, modules/http2/h2_request.c, server/core.c,
- server/core_filters.c, server/protocol.c, server/vhost.c.
- - CVE-2021-33193
- * SECURITY UPDATE: NULL deref via malformed requests
- - debian/patches/CVE-2021-34798.patch: add NULL check in
- server/scoreboard.c.
- - CVE-2021-34798
- * SECURITY UPDATE: DoS in mod_proxy_uwsgi
- - debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for
- generic worker in modules/proxy/mod_proxy_uwsgi.c.
- - CVE-2021-36160
- * SECURITY UPDATE: buffer overflow in ap_escape_quotes
- - debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes
- substitution logic in server/util.c.
- - CVE-2021-39275
- * SECURITY UPDATE: arbitrary origin server via crafted request uri-path
- - debian/patches/CVE-2021-40438-pre1.patch: faster unix socket path
- parsing in the 'proxy:' URL in modules/proxy/mod_proxy.c,
- modules/proxy/proxy_util.c.
- - debian/patches/CVE-2021-40438.patch: add sanity checks on the
- configured UDS path in modules/proxy/proxy_util.c.
- - CVE-2021-40438
+ * SECURITY UPDATE: request splitting over HTTP/2
+ - debian/patches/CVE-2021-33193.patch: refactor request parsing in
+ include/ap_mmn.h, include/http_core.h, include/http_protocol.h,
+ include/http_vhost.h, modules/http2/h2_request.c, server/core.c,
+ server/core_filters.c, server/protocol.c, server/vhost.c.
+ - CVE-2021-33193
+ * SECURITY UPDATE: NULL deref via malformed requests
+ - debian/patches/CVE-2021-34798.patch: add NULL check in
+ server/scoreboard.c.
+ - CVE-2021-34798
+ * SECURITY UPDATE: DoS in mod_proxy_uwsgi
+ - debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for
+ generic worker in modules/proxy/mod_proxy_uwsgi.c.
+ - CVE-2021-36160
+ * SECURITY UPDATE: buffer overflow in ap_escape_quotes
+ - debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes
+ substitution logic in server/util.c.
+ - CVE-2021-39275
+ * SECURITY UPDATE: arbitrary origin server via crafted request uri-path
+ - debian/patches/CVE-2021-40438-pre1.patch: faster unix socket path
+ parsing in the 'proxy:' URL in modules/proxy/mod_proxy.c,
+ modules/proxy/proxy_util.c.
+ - debian/patches/CVE-2021-40438.patch: add sanity checks on the
+ configured UDS path in modules/proxy/proxy_util.c.
+ - CVE-2021-40438
- -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 23 Sep 2021
+ -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 23 Sep 2021
12:51:16 -0400
apache2 (2.4.48-3.1ubuntu1) impish; urgency=medium
- * Merge with Debian unstable. Remaining changes:
- - debian/{control, apache2.install, apache2-utils.ufw.profile,
- apache2.dirs}: Add ufw profiles. (LP 261198)
- - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
- (LP 609177)
- - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
- d/s/include-binaries: replace Debian with Ubuntu on default
- page and add Ubuntu icon file. (LP 1288690)
- - d/apache2ctl: Also use systemd for graceful if it is in use.
- This extends an earlier fix for the start command to behave
- similarly for restart / graceful. Fixes service failures on
- unattended upgrade. (LP 1832182)
- - d/apache2ctl: Also use /run/systemd to check for systemd usage
- (LP 1918209)
+ * Merge with Debian unstable. Remaining changes:
+ - debian/{control, apache2.install, apache2-utils.ufw.profile,
+ apache2.dirs}: Add ufw profiles. (LP 261198)
+ - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
+ (LP 609177)
+ - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
+ d/s/include-binaries: replace Debian with Ubuntu on default
+ page and add Ubuntu icon file. (LP 1288690)
+ - d/apache2ctl: Also use systemd for graceful if it is in use.
+ This extends an earlier fix for the start command to behave
+ similarly for restart / graceful. Fixes service failures on
+ unattended upgrade. (LP 1832182)
+ - d/apache2ctl: Also use /run/systemd to check for systemd usage
+ (LP 1918209)
- -- Bryce Harrington <br...@canonical.com> Wed, 11 Aug 2021 20:03:24
+ -- Bryce Harrington <br...@canonical.com> Wed, 11 Aug 2021 20:03:24
-0700
** Changed in: apache2 (Ubuntu)
Milestone: None => ubuntu-22.01
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1946831
Title:
Merge apache2 from Debian unstable for 22.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1946831/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
