Format: 1.8 Date: Wed, 28 Jun 2017 19:19:08 +0200 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source amd64 all Version: 2.2.22-1ubuntu1.11+ta2 Distribution: babo62 Urgency: medium Maintainer: Ubuntu Developers Changed-By: Thorsten Alteholz Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Changes: apache2 (2.2.22-1ubuntu1.11+ta2) babo62; urgency=medium . * Non-maintainer upload for Precise LTS * CVE-2017-3167 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. * CVE-2017-3169 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. * CVE-2017-7668 The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. * CVE-2017-7679 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. Checksums-Sha1: 42430fc5097b77c2a68f59bf82f07081bdaf0230 2208 apache2_2.2.22-1ubuntu1.11+ta2.dsc f32537bad0ec58e3607cd51de74dd84a928f362e 280600 apache2_2.2.22-1ubuntu1.11+ta2.debian.tar.gz 984a05d8b218d50a31f827b7ef308e68a6293c45 324508 apache2.2-common_2.2.22-1ubuntu1.11+ta2_amd64.deb 9d6657d30efcb56b9f159e0024b85eb29fbfdcff 1451448 apache2.2-bin_2.2.22-1ubuntu1.11+ta2_amd64.deb fa6060a06895cb5604950941fe34d2061ec90b5a 2306 apache2-mpm-worker_2.2.22-1ubuntu1.11+ta2_amd64.deb 37b6f130142bf5b4c163622314a5f66c42777a25 2416 apache2-mpm-prefork_2.2.22-1ubuntu1.11+ta2_amd64.deb 2f058ee1a63ce18edd5a34c790f753035f7a4f26 2368 apache2-mpm-event_2.2.22-1ubuntu1.11+ta2_amd64.deb 56ae82941680955e2bfe576304c8a9f16d315225 2398 apache2-mpm-itk_2.2.22-1ubuntu1.11+ta2_amd64.deb 04c75108e639f58fd8d7ffe93b6d65f8a152d028 179602 apache2-utils_2.2.22-1ubuntu1.11+ta2_amd64.deb 48cfe322708c8c777177e4c3e1295c6edea26dd9 68548 apache2-suexec_2.2.22-1ubuntu1.11+ta2_amd64.deb 772ed5a029ca0cbf84ad0b1046c42d9511be8a0b 70258 apache2-suexec-custom_2.2.22-1ubuntu1.11+ta2_amd64.deb 0b45bf7452c26b488417a4e8ed7cf420d4b67f96 1498 apache2_2.2.22-1ubuntu1.11+ta2_amd64.deb 91da27c0c3e770d2800d142edc6f8335d1d96202 2710014 apache2-doc_2.2.22-1ubuntu1.11+ta2_all.deb e7cae661d08d6e3ad48f3328c15beeb48411b6dc 139428 apache2-prefork-dev_2.2.22-1ubuntu1.11+ta2_amd64.deb df120ccd7d671c375bc7b3e2ff8a475d9b629614 140556 apache2-threaded-dev_2.2.22-1ubuntu1.11+ta2_amd64.deb Checksums-Sha256: 3e7aae3aae05ce89a46b130d1b7a1fa258faf4fef14b53d8f22507174d17c002 2208 apache2_2.2.22-1ubuntu1.11+ta2.dsc 93a39c42e9a5c7f0c20752a27e960b032ec4d07df8853583fa9c2df9c481af7b 280600 apache2_2.2.22-1ubuntu1.11+ta2.debian.tar.gz 609f3ee3ec9a99a6384298eea0217c9639d28f5618feb9ba182ec307fe9ede6e 324508 apache2.2-common_2.2.22-1ubuntu1.11+ta2_amd64.deb 032661bd7714c291a49cc15f16fe5f2121cf4a5785e27062483790a574918294 1451448 apache2.2-bin_2.2.22-1ubuntu1.11+ta2_amd64.deb af901245bf2215cde8f2786ea3f63909d45486efab6b0763cc192a6f7fa5a87a 2306 apache2-mpm-worker_2.2.22-1ubuntu1.11+ta2_amd64.deb ab55b4cecf2561ecaabbbdd80872f2958a6472a02e2ce7325f76110445170bdb 2416 apache2-mpm-prefork_2.2.22-1ubuntu1.11+ta2_amd64.deb 53addd4629ee092f5cc7bfd76e929538a96e40358ad49bbc637995430db95b1e 2368 apache2-mpm-event_2.2.22-1ubuntu1.11+ta2_amd64.deb af853bc7e6cfdc4c157a9876d699b931ae272eb96cd76cd7be12159b33877952 2398 apache2-mpm-itk_2.2.22-1ubuntu1.11+ta2_amd64.deb 4bc62ba7f3514ec7481cb9b5151ec6d90eb2c5e0858528262241f2ffc1b546d8 179602 apache2-utils_2.2.22-1ubuntu1.11+ta2_amd64.deb 00ba1b6d708674a6ef6787d2db8292ad18c74d4687aab8c3aacb0c5c9a4173c6 68548 apache2-suexec_2.2.22-1ubuntu1.11+ta2_amd64.deb df1b7ec96142cff3e76280a3b11af1ea5c68e3eec154e3d44590282f8e06d1b8 70258 apache2-suexec-custom_2.2.22-1ubuntu1.11+ta2_amd64.deb fbcb7442300099023ebdd1b90aad37b51d5a7335a06d82c186485f699528aefa 1498 apache2_2.2.22-1ubuntu1.11+ta2_amd64.deb e529edb773b7a61a3ed3efae554d793f5b1357a7266daade2a31abea3415dad1 2710014 apache2-doc_2.2.22-1ubuntu1.11+ta2_all.deb 42a34424ae4531652d8fe76a2fa5a4dd5709af3fc101c121a78b700db0365b25 139428 apache2-prefork-dev_2.2.22-1ubuntu1.11+ta2_amd64.deb 23590ae104c2595773e4c5c8b138f4298b7d5c1acf6310ef25d9a176fd4d5a6f 140556 apache2-threaded-dev_2.2.22-1ubuntu1.11+ta2_amd64.deb Files: 56c3eca9444efc8382488b08691bb6aa 2208 httpd optional apache2_2.2.22-1ubuntu1.11+ta2.dsc d763a7f109ce17e679ed8739523c61dd 280600 httpd optional apache2_2.2.22-1ubuntu1.11+ta2.debian.tar.gz 172c1ce1bbb0bc3937e4c7cc8966a4e0 324508 httpd optional apache2.2-common_2.2.22-1ubuntu1.11+ta2_amd64.deb c5139c78072ae0e9fd47a33e15562402 1451448 httpd optional apache2.2-bin_2.2.22-1ubuntu1.11+ta2_amd64.deb a8be5b68c228786b4b9d3eb8b0375d06 2306 httpd optional apache2-mpm-worker_2.2.22-1ubuntu1.11+ta2_amd64.deb ab1c236369e32d9454bf5d033eecc1e2 2416 httpd optional apache2-mpm-prefork_2.2.22-1ubuntu1.11+ta2_amd64.deb 10b02d10d4c58e8098870ab5f1703120 2368 httpd optional apache2-mpm-event_2.2.22-1ubuntu1.11+ta2_amd64.deb 5b4a4ddf55e4cd92680b1fa603bf2876 2398 httpd extra apache2-mpm-itk_2.2.22-1ubuntu1.11+ta2_amd64.deb ab3f8f3f25e4258274af2674c524be05 179602 httpd optional apache2-utils_2.2.22-1ubuntu1.11+ta2_amd64.deb 924e06b43fb2fe1e093cbe4aa4b13603 68548 httpd optional apache2-suexec_2.2.22-1ubuntu1.11+ta2_amd64.deb 7be1f444f52b1e70ad789e1dac50e791 70258 httpd extra apache2-suexec-custom_2.2.22-1ubuntu1.11+ta2_amd64.deb f7f390951df3a418d22a3caa89982d5e 1498 httpd optional apache2_2.2.22-1ubuntu1.11+ta2_amd64.deb 6af3d2c392cc611a818fe28648b6e8c1 2710014 doc optional apache2-doc_2.2.22-1ubuntu1.11+ta2_all.deb abc61c30657bfa3ef6c8c0eb87a8e3cc 139428 httpd extra apache2-prefork-dev_2.2.22-1ubuntu1.11+ta2_amd64.deb 69d8d2a3c7b379b79d12b517ab1b1eb0 140556 httpd extra apache2-threaded-dev_2.2.22-1ubuntu1.11+ta2_amd64.deb Original-Maintainer: Debian Apache Maintainers Original-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-apache/apache2.git Original-Vcs-Git: git://git.debian.org/git/pkg-apache/apache2.git