** Description changed: - Scheduled-For: 23.01 Upstream: 2.4.51 - Debian: 2.4.51-1 + Debian: 2.4.51-1 Ubuntu: 2.4.48-3.1ubuntu3 - Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. - ### New Debian Changes ### apache2 (2.4.51-1) unstable; urgency=medium - * New upstream version 2.4.51 (Closes: CVE-2021-41773, CVE-2021-42013) - * Fix apache2ctl (see https://github.com/oerdnj/deb.sury.org/issues/1659) + * New upstream version 2.4.51 (Closes: CVE-2021-41773, CVE-2021-42013) + * Fix apache2ctl (see https://github.com/oerdnj/deb.sury.org/issues/1659) - -- Yadd <y...@debian.org> Thu, 07 Oct 2021 20:35:33 +0200 + -- Yadd <y...@debian.org> Thu, 07 Oct 2021 20:35:33 +0200 apache2 (2.4.50-1) unstable; urgency=high - * New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524) - * Remove patches already merged upstream + * New upstream version 2.4.50 (Closes: CVE-2021-41773, CVE-2021-41524) + * Remove patches already merged upstream - -- Ondřej Surý <ond...@debian.org> Tue, 05 Oct 2021 13:25:23 +0200 + -- Ondřej Surý <ond...@debian.org> Tue, 05 Oct 2021 13:25:23 +0200 apache2 (2.4.49-4) unstable; urgency=medium - [ Ondřej Surý ] - * Add upstream patch to fix crash in 2.4.49 + [ Ondřej Surý ] + * Add upstream patch to fix crash in 2.4.49 - -- Yadd <y...@debian.org> Fri, 01 Oct 2021 11:34:24 +0200 + -- Yadd <y...@debian.org> Fri, 01 Oct 2021 11:34:24 +0200 apache2 (2.4.49-3) unstable; urgency=medium - [ Yadd ] - * Re-export upstream signing key without extra signatures. - * Drop transition for old debug package migration. + [ Yadd ] + * Re-export upstream signing key without extra signatures. + * Drop transition for old debug package migration. 
- [ Moritz Muehlenhoff ] - * Fix CVE-2021-40438 regression + [ Moritz Muehlenhoff ] + * Fix CVE-2021-40438 regression - -- Yadd <y...@debian.org> Thu, 30 Sep 2021 06:00:06 +0200 + -- Yadd <y...@debian.org> Thu, 30 Sep 2021 06:00:06 +0200 apache2 (2.4.49-2) unstable; urgency=medium - [ Michiel Hazelhof ] - * Fix multi instance issue (Closes: #868861) + [ Michiel Hazelhof ] + * Fix multi instance issue (Closes: #868861) - [ Philippe Ombredanne ] - * Fix GPL version typo in copyright file + [ Philippe Ombredanne ] + * Fix GPL version typo in copyright file - -- Yadd <y...@debian.org> Thu, 23 Sep 2021 13:55:55 +0200 + -- Yadd <y...@debian.org> Thu, 23 Sep 2021 13:55:55 +0200 apache2 (2.4.49-1) unstable; urgency=medium - * Update upstream GPG keys - * New upstream version 2.4.49 (Closes: CVE-2021-34798, CVE-2021-36160, - CVE-2021-39275, CVE-2021-40438) - * Refresh patches + * Update upstream GPG keys + * New upstream version 2.4.49 (Closes: CVE-2021-34798, CVE-2021-36160, + CVE-2021-39275, CVE-2021-40438) + * Refresh patches - -- Yadd <y...@debian.org> Thu, 16 Sep 2021 06:22:23 +0200 + -- Yadd <y...@debian.org> Thu, 16 Sep 2021 06:22:23 +0200 apache2 (2.4.48-4) unstable; urgency=medium - * Fix mod_proxy HTTP2 request line injection (Closes: CVE-2021-33193) + * Fix mod_proxy HTTP2 request line injection (Closes: CVE-2021-33193) - -- Yadd <y...@debian.org> Thu, 12 Aug 2021 11:37:43 +0200 + -- Yadd <y...@debian.org> Thu, 12 Aug 2021 11:37:43 +0200 apache2 (2.4.48-3.1) unstable; urgency=medium - * Non-maintainer upload. - * Direct init script reload output from logrotate to syslog, to - avoid mail-spamming the local admin (Closes: #990580) + * Non-maintainer upload. 
+ * Direct init script reload output from logrotate to syslog, to + avoid mail-spamming the local admin (Closes: #990580) - -- Thorsten Glaser <t...@mirbsd.de> Sat, 10 Jul 2021 23:31:28 +0200 + -- Thorsten Glaser <t...@mirbsd.de> Sat, 10 Jul 2021 23:31:28 +0200 apache2 (2.4.48-3) unstable; urgency=medium - * Fix debian/changelog + * Fix debian/changelog - -- Yadd <y...@debian.org> Sun, 20 Jun 2021 16:39:33 +0200 + -- Yadd <y...@debian.org> Sun, 20 Jun 2021 16:39:33 +0200 apache2 (2.4.48-2) unstable; urgency=medium - * Back to unstable: Apache2 will follow upstream changes for Bullseye + * Back to unstable: Apache2 will follow upstream changes for Bullseye - [ Christian Ehrhardt ] - * d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068) + [ Christian Ehrhardt ] + * d/t/control, d/t/check-http2: basic test for http2 (Closes: #884068) - -- Yadd <y...@debian.org> Sat, 19 Jun 2021 17:50:29 +0200 + -- Yadd <y...@debian.org> Sat, 19 Jun 2021 17:50:29 +0200 apache2 (2.4.48-1) experimental; urgency=medium - [ Daniel Lewart ] - * Update apache2.logrotate (Closes: #979813) + [ Daniel Lewart ] + * Update apache2.logrotate (Closes: #979813) - [ Andreas Hasenack ] - * Avoid test suite failure (Closes: #985012) + [ Andreas Hasenack ] + * Avoid test suite failure (Closes: #985012) - [ Yadd ] - * Update lintian overrides - * Re-export upstream signing key without extra signatures. + [ Yadd ] + * Update lintian overrides + * Re-export upstream signing key without extra signatures. 
- [ Ondřej Surý ] - * New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938, - CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, - CVE-2021-30641, CVE-2021-31618) + [ Ondřej Surý ] + * New upstream version 2.4.48 (Closes: CVE-2019-17567, CVE-2020-13938, + CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, + CVE-2021-30641, CVE-2021-31618) - -- Ondřej Surý <ond...@debian.org> Tue, 08 Jun 2021 08:29:35 +0200 + -- Ondřej Surý <ond...@debian.org> Tue, 08 Jun 2021 08:29:35 +0200 apache2 (2.4.47-1) experimental; urgency=medium - ### Old Ubuntu Delta ### apache2 (2.4.48-3.1ubuntu3) impish; urgency=medium - * SECURITY REGRESSION: Issues in UDS URIs (LP: #1945311) - - debian/patches/CVE-2021-40438-2.patch: Fix UDS unix: scheme for P - rules in modules/mappers/mod_rewrite.c. - - debian/patches/CVE-2021-40438-3.patch: Handle UDS URIs with empty - hostname in modules/mappers/mod_rewrite.c, - modules/proxy/proxy_util.c. + * SECURITY REGRESSION: Issues in UDS URIs (LP: #1945311) + - debian/patches/CVE-2021-40438-2.patch: Fix UDS unix: scheme for P + rules in modules/mappers/mod_rewrite.c. + - debian/patches/CVE-2021-40438-3.patch: Handle UDS URIs with empty + hostname in modules/mappers/mod_rewrite.c, + modules/proxy/proxy_util.c. - -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 28 Sep 2021 + -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 28 Sep 2021 08:52:26 -0400 apache2 (2.4.48-3.1ubuntu2) impish; urgency=medium - * SECURITY UPDATE: request splitting over HTTP/2 - - debian/patches/CVE-2021-33193.patch: refactor request parsing in - include/ap_mmn.h, include/http_core.h, include/http_protocol.h, - include/http_vhost.h, modules/http2/h2_request.c, server/core.c, - server/core_filters.c, server/protocol.c, server/vhost.c. - - CVE-2021-33193 - * SECURITY UPDATE: NULL deref via malformed requests - - debian/patches/CVE-2021-34798.patch: add NULL check in - server/scoreboard.c. 
- - CVE-2021-34798 - * SECURITY UPDATE: DoS in mod_proxy_uwsgi - - debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for - generic worker in modules/proxy/mod_proxy_uwsgi.c. - - CVE-2021-36160 - * SECURITY UPDATE: buffer overflow in ap_escape_quotes - - debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes - substitution logic in server/util.c. - - CVE-2021-39275 - * SECURITY UPDATE: arbitrary origin server via crafted request uri-path - - debian/patches/CVE-2021-40438-pre1.patch: faster unix socket path - parsing in the 'proxy:' URL in modules/proxy/mod_proxy.c, - modules/proxy/proxy_util.c. - - debian/patches/CVE-2021-40438.patch: add sanity checks on the - configured UDS path in modules/proxy/proxy_util.c. - - CVE-2021-40438 + * SECURITY UPDATE: request splitting over HTTP/2 + - debian/patches/CVE-2021-33193.patch: refactor request parsing in + include/ap_mmn.h, include/http_core.h, include/http_protocol.h, + include/http_vhost.h, modules/http2/h2_request.c, server/core.c, + server/core_filters.c, server/protocol.c, server/vhost.c. + - CVE-2021-33193 + * SECURITY UPDATE: NULL deref via malformed requests + - debian/patches/CVE-2021-34798.patch: add NULL check in + server/scoreboard.c. + - CVE-2021-34798 + * SECURITY UPDATE: DoS in mod_proxy_uwsgi + - debian/patches/CVE-2021-36160.patch: fix PATH_INFO setting for + generic worker in modules/proxy/mod_proxy_uwsgi.c. + - CVE-2021-36160 + * SECURITY UPDATE: buffer overflow in ap_escape_quotes + - debian/patches/CVE-2021-39275.patch: fix ap_escape_quotes + substitution logic in server/util.c. + - CVE-2021-39275 + * SECURITY UPDATE: arbitrary origin server via crafted request uri-path + - debian/patches/CVE-2021-40438-pre1.patch: faster unix socket path + parsing in the 'proxy:' URL in modules/proxy/mod_proxy.c, + modules/proxy/proxy_util.c. + - debian/patches/CVE-2021-40438.patch: add sanity checks on the + configured UDS path in modules/proxy/proxy_util.c. 
+ - CVE-2021-40438 - -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 23 Sep 2021 + -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 23 Sep 2021 12:51:16 -0400 apache2 (2.4.48-3.1ubuntu1) impish; urgency=medium - * Merge with Debian unstable. Remaining changes: - - debian/{control, apache2.install, apache2-utils.ufw.profile, - apache2.dirs}: Add ufw profiles. (LP 261198) - - debian/apache2.py, debian/apache2-bin.install: Add apport hook. - (LP 609177) - - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm, - d/s/include-binaries: replace Debian with Ubuntu on default - page and add Ubuntu icon file. (LP 1288690) - - d/apache2ctl: Also use systemd for graceful if it is in use. - This extends an earlier fix for the start command to behave - similarly for restart / graceful. Fixes service failures on - unattended upgrade. (LP 1832182) - - d/apache2ctl: Also use /run/systemd to check for systemd usage - (LP 1918209) + * Merge with Debian unstable. Remaining changes: + - debian/{control, apache2.install, apache2-utils.ufw.profile, + apache2.dirs}: Add ufw profiles. (LP 261198) + - debian/apache2.py, debian/apache2-bin.install: Add apport hook. + (LP 609177) + - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm, + d/s/include-binaries: replace Debian with Ubuntu on default + page and add Ubuntu icon file. (LP 1288690) + - d/apache2ctl: Also use systemd for graceful if it is in use. + This extends an earlier fix for the start command to behave + similarly for restart / graceful. Fixes service failures on + unattended upgrade. (LP 1832182) + - d/apache2ctl: Also use /run/systemd to check for systemd usage + (LP 1918209) - -- Bryce Harrington <br...@canonical.com> Wed, 11 Aug 2021 20:03:24 + -- Bryce Harrington <br...@canonical.com> Wed, 11 Aug 2021 20:03:24 -0700
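Review bot: In the "Old Ubuntu Delta" section, the description carries the d/apache2ctl changes (LP 1832182, LP 1918209) and the CVE-2021-40438-2.patch / CVE-2021-40438-3.patch regression fixes without saying how they relate to the new Debian entries "Fix apache2ctl" (2.4.51-1) and "Fix CVE-2021-40438 regression" (2.4.49-3). Add a line stating which delta items are expected to be dropped and which need rebasing, so whoever does the merge can confirm the UDS URI fixes from LP: #1945311 and the systemd handling in apache2ctl are still present afterwards. The rest of this change is re-indentation plus removal of the "Scheduled-For: 23.01" line and the sentence about newer Debian releases, which needs no comment.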
** Changed in: apache2 (Ubuntu)
    Milestone: None => ubuntu-22.01

https://bugs.launchpad.net/bugs/1946831

Title:
  Merge apache2 from Debian unstable for 22.04