Back to apache2 PTS page

Accepted apache2 2.4.25-1 (source amd64 all) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted apache2 2.4.25-1 (source amd64 all) into unstable
From: Stefan Fritsch <sf@debian.org>
Date: Wed, 21 Dec 2016 23:18:50 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1cJq9q-000GRl-1J@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Dec 2016 23:46:06 +0100
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.25-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Closes: 834708 847124
Changes:
 apache2 (2.4.25-1) unstable; urgency=medium
 .
   [ New upstream release ]
   * Security: CVE-2016-0736:
     mod_session_crypto: Authenticate the session data/cookie with a MAC to
     prevent deciphering or tampering with a padding oracle attack.
   * Security: CVE-2016-2161:
     mod_auth_digest: Prevent segfaults during client entry allocation when the
     shared memory space is exhausted.
   * Security: CVE-2016-5387:
     Mitigate [f]cgi "httpoxy" issues.
   * Security: CVE-2016-8740:
     mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames.
     Closes: #847124
   * Security: CVE-2016-8743:
     Enforce HTTP request grammar corresponding to RFC7230 for request lines
     and request headers, to prevent response splitting and cache pollution by
     malicious clients or downstream proxies.
   * The stricter HTTP enforcement may cause compatibility problems with
     non-conforming clients. Fine-tuning is possible with the new
     HttpProtocolOptions directive.
   * mpm_event: Fix "scoreboard full" errors. Closes: #834708 LP: #1466926
   * mod_http2: Many fixes and support for early pushes using the new
     H2PushResource directive.
 .
   [ Stefan Fritsch ]
   * Switch to debhelper compatibility level 9.
Checksums-Sha1:
 1e287e10f71bf372ebe0576e34e7fbcfc2981202 2832 apache2_2.4.25-1.dsc
 bd6d138c31c109297da2346c6e7b93b9283993d2 6398218 apache2_2.4.25.orig.tar.bz2
 267b82b033a4e1ccdfbdebcab41dc8ae6b4c3c26 352968 apache2_2.4.25-1.debian.tar.xz
 78b91dcfabead6c54cccfa16fd49238c9e2f537f 1176860 apache2-bin_2.4.25-1_amd64.deb
 f976e2faa4e0ce794952134a7e3b90864da9179a 162036 apache2-data_2.4.25-1_all.deb
 052d8df1f0dd1df400ad00a8a767e6e1410e4d62 3968200 apache2-dbg_2.4.25-1_amd64.deb
 6573dd2b4322ebdcec64a77f7218e559d8d653e5 312208 apache2-dev_2.4.25-1_amd64.deb
 7e64982ed99d91dd0db22fdb99c99cdce5800e38 3769488 apache2-doc_2.4.25-1_all.deb
 b78dac42d8ae2baeabe915523ef8841e89d0933c 2258 apache2-ssl-dev_2.4.25-1_amd64.deb
 835ffa8bf497698dfc0c803911f75085e177bc29 153964 apache2-suexec-custom_2.4.25-1_amd64.deb
 85c2abbaa48e25810d9f0f885daeaa486df6f859 152512 apache2-suexec-pristine_2.4.25-1_amd64.deb
 406d43f4b234fcd454f27d82259cd5871e92d804 215796 apache2-utils_2.4.25-1_amd64.deb
 af1206aca2dedbeeb8785053f4aab098343c5ffe 8742 apache2_2.4.25-1_amd64.buildinfo
 0f20768a2f8584e46bcc2c68bfa388fc524cc0fc 234062 apache2_2.4.25-1_amd64.deb
Checksums-Sha256:
 60d20309067f066e206939858a792721218367cbfc020bbef18c2f80edc07854 2832 apache2_2.4.25-1.dsc
 f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2 6398218 apache2_2.4.25.orig.tar.bz2
 53f8e5ad9bc8764abcd80a671df9bd5fc3fcad150c57c6a176ca48ba5e7c58d7 352968 apache2_2.4.25-1.debian.tar.xz
 52bcfdfbad294c3dd3e91be17d35cbdff9afc479163e1a7d663cb4350fd54b49 1176860 apache2-bin_2.4.25-1_amd64.deb
 ee3e88c8e48db991b649b0a3ba8beb564f62cb577bb97823f080cd28355e61bb 162036 apache2-data_2.4.25-1_all.deb
 ef63b03024b0d69315c5c0f49fead13c9fcc1a1bd3172f34527c34c01871c182 3968200 apache2-dbg_2.4.25-1_amd64.deb
 143df9ba7925c349be47cf907648154cf549910a3034fbcb5ba84c7532eeaf5b 312208 apache2-dev_2.4.25-1_amd64.deb
 304a8050b6e234de38b7216e4830da0cceadda34bb41aecffc183827ca0ee390 3769488 apache2-doc_2.4.25-1_all.deb
 9cebd3b51778b88173cf77123ed3a23aac46adca7034de23dca891ac9bb5e550 2258 apache2-ssl-dev_2.4.25-1_amd64.deb
 1e3329ecdc01d3705fee07a44aa91b90dcf07bddc7d61153009d8ff2b87b2fa0 153964 apache2-suexec-custom_2.4.25-1_amd64.deb
 bb87c1c06c2e0e6e6dea1bcfa64b72d0c10a76fce80d6bd78be1a25e780ce89f 152512 apache2-suexec-pristine_2.4.25-1_amd64.deb
 d5b62f96555f4a4e0358bd33f77d58e802f3f313c9ae3faed5c38f14fad4e12c 215796 apache2-utils_2.4.25-1_amd64.deb
 52a791a5e652646bc09f105a759668b945c3fd07837669fb76b5f2030041c846 8742 apache2_2.4.25-1_amd64.buildinfo
 641d571f92878ac71c99009ee038431ae9de9120cb65838ef5cc203d90434c44 234062 apache2_2.4.25-1_amd64.deb
Files:
 3067e4672e039a9e0d0a65e72f698b96 2832 httpd optional apache2_2.4.25-1.dsc
 2826f49619112ad5813c0be5afcc7ddb 6398218 httpd optional apache2_2.4.25.orig.tar.bz2
 0b7704b3ed8d5e41c55778d8bc336e5d 352968 httpd optional apache2_2.4.25-1.debian.tar.xz
 7fa01546dff187a703735a3f478b19e8 1176860 httpd optional apache2-bin_2.4.25-1_amd64.deb
 52d581b39e92874403032e90df0c0837 162036 httpd optional apache2-data_2.4.25-1_all.deb
 98fe280dabf7217cad53d9e399ad7a55 3968200 debug extra apache2-dbg_2.4.25-1_amd64.deb
 654b773de54590be71d5e84a13b01f5d 312208 httpd optional apache2-dev_2.4.25-1_amd64.deb
 f202754da5c80ba4f6329c6768a0afd2 3769488 doc optional apache2-doc_2.4.25-1_all.deb
 cbde1c7020b9b71a172bf91b7830be8f 2258 httpd optional apache2-ssl-dev_2.4.25-1_amd64.deb
 fe3b50ff04c7e40a26cd24077e4955a5 153964 httpd extra apache2-suexec-custom_2.4.25-1_amd64.deb
 b42b3994df54fe19f9999295a3d43283 152512 httpd optional apache2-suexec-pristine_2.4.25-1_amd64.deb
 46f61a8045d7d306d1804e1caa1d5a8b 215796 httpd optional apache2-utils_2.4.25-1_amd64.deb
 4593fa8425971565fd647a1862718910 8742 httpd optional apache2_2.4.25-1_amd64.buildinfo
 061abd0cbaf1fe9c2823ea3592289c14 234062 httpd optional apache2_2.4.25-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlhbC0MACgkQxodfNUHO
/eBIrQ/+KA+/NfRlLAICgFbBJq4PUad/9xD6TdXFgqLlKFEb0wWIHm8HiJbKKwMd
tS0Wy6N/zIZ7oz93MPRdnlewTTneIEBvf6N0m9MXJEopQNOeaVkQAA3/FXl9VcQW
Q200OqboPIQhfruLSc/IXl+YNZ+Bz9InLh6ldwYvpLKmCSmde4g3/f9/JhCRqKlF
90stlj17eM3XFqHgKlhmA7hU9C5AkqIuPlvpeJSjcSNQnI5jx1kvnhBgiTySHy5p
EeZRCp91qa6fdgUzbWOe2/hXcmO4vNllDNmGMK9mfvRQhvt8Fe8E2xUXFZCRy8Nk
QFYt8XwVasw976dbDh7boc65E/e828rlgMZ0zdbYAn31Kj5KOg4yfCtk1Y+tgNYW
roEUW9OkSZI7QMIh2Q5zqDE7c0f8xYt+15howQcERATdAA11ABArAZOOoJXtEShj
QFrkEHuRwwnMxMMaE6CImHWL1QhnlywWsDyOep9QcsTrSM0Z5Ml5mIkXERaqH96B
ojI8wDZpXGCBvV5KDXAM/DkfNyv/PVfVMAx+w7T/UArSyfALwWHE7nsXYMgDurNB
SFplg+N+N92RvigM6DgffYjAQ8/27JKCwiFr4O7HaQwRuAUiajLPpT0NcRrPKrUc
MkgRY2YpWhi6NzULouIZmIX/7p1cFz0OkGLh1/vuQq/fGNc1aaE=
=Focz
-----END PGP SIGNATURE-----