Accepted apache2 2.4.10-10+deb8u8 (source amd64 all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 24 Feb 2017 19:36:41 +0100
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin apache2.2-common libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.10-10+deb8u8
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
apache2 - Apache HTTP Server
apache2-bin - Apache HTTP Server (modules and other binary files)
apache2-data - Apache HTTP Server (common files)
apache2-dbg - Apache debugging symbols
apache2-dev - Apache HTTP Server (development headers)
apache2-doc - Apache HTTP Server (on-site documentation)
apache2-mpm-event - transitional event MPM package for apache2
apache2-mpm-itk - transitional itk MPM package for apache2
apache2-mpm-prefork - transitional prefork MPM package for apache2
apache2-mpm-worker - transitional worker MPM package for apache2
apache2-suexec - transitional package for apache2-suexec-pristine
apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
apache2-utils - Apache HTTP Server (utility programs for web servers)
apache2.2-bin - Transitional package for apache2-bin
apache2.2-common - Transitional package for apache2
libapache2-mod-macro - Transitional package for apache2-bin
libapache2-mod-proxy-html - Transitional package for apache2-bin
Closes: 836818
Changes:
apache2 (2.4.10-10+deb8u8) jessie-security; urgency=medium
.
* CVE-2016-8743: Enforce more HTTP conformance for request lines and
request headers, to prevent response splitting and cache pollution
by malicious clients or downstream proxies.
If this causes problems with non-conforming clients, some checks can
be relaxed by adding the new directive 'HttpProtocolOptions unsafe'
to the configuration.
Differently than the upstream 2.4.25 release which will also be in the
Debian 9 (stretch) release, this update for Debian 8 (jessie) accepts
underscores in host and domain names even while 'HttpProtocolOptions
strict' is in effect.
More information is available at
http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions
* CVE-2016-0736: mod_session_crypto: Prevent padding oracle attack.
* CVE-2016-2161: mod_auth_digest: Prevent segfaults when the shared memory
space is exhausted.
* Activate mod_reqtimeout in new installs and during updates from
before 2.4.10-10+deb8u8. It was wrongly not activated in new installs
since jessie. This made the default installation vulnerable to some
DoS attacks.
* Don't run 2.2 to 2.4 upgrade logic again when upgrading from
2.4.10-10+deb8u*. Closes: #836818
Checksums-Sha1:
dd6e773c03c22eb97beffe56e39b9f4b17eea31e 3277 apache2_2.4.10-10+deb8u8.dsc
a789b374f989dfe3734cb9b1895e7d2891b5fd04 555484 apache2_2.4.10-10+deb8u8.debian.tar.xz
eca349323d757c556927f2f464b6317bbb858d2a 1154 libapache2-mod-proxy-html_2.4.10-10+deb8u8_amd64.deb
77301fbf47c8fd1c6dddfa5e559a7e15ffb9529a 1144 libapache2-mod-macro_2.4.10-10+deb8u8_amd64.deb
614ddb2e7ddcdc8ac27a4d3214762cae0d6f7325 207864 apache2_2.4.10-10+deb8u8_amd64.deb
674977677e376e5a815aff1b3087c07e9f20d229 162406 apache2-data_2.4.10-10+deb8u8_all.deb
9cfbe70817c7d93bc76f791f297c74d4b36d6e3b 1038126 apache2-bin_2.4.10-10+deb8u8_amd64.deb
a69da5560d584ab7c48e2b549be5ba91f08eab73 1512 apache2-mpm-worker_2.4.10-10+deb8u8_amd64.deb
cafcc2087aac55983162c6c3aa163c0f844a6e79 1516 apache2-mpm-prefork_2.4.10-10+deb8u8_amd64.deb
a0d59e70ea06d145af068f46649ba80a75bb75cf 1520 apache2-mpm-event_2.4.10-10+deb8u8_amd64.deb
52a844e16bb2bf5763895f5c3e10842b29accb8b 1516 apache2-mpm-itk_2.4.10-10+deb8u8_amd64.deb
d99e68a3f46e0891c5fa8d23b5791e605c43f8a5 1700 apache2.2-bin_2.4.10-10+deb8u8_amd64.deb
1279f9a662cfd48a920981cc31807af41c8be26c 125296 apache2.2-common_2.4.10-10+deb8u8_amd64.deb
cac2edc3c895607a1e834ceec50c08b2857d8094 195542 apache2-utils_2.4.10-10+deb8u8_amd64.deb
f85de16092354b6f7b366edc954541d2341cd509 1658 apache2-suexec_2.4.10-10+deb8u8_amd64.deb
996868cfbf6d78148fe21577d8e281c5375754ff 130468 apache2-suexec-pristine_2.4.10-10+deb8u8_amd64.deb
2c1e65c74b7da8a0650d99e32a8c5fcb5decb0ca 132000 apache2-suexec-custom_2.4.10-10+deb8u8_amd64.deb
a10fd327bab9a0bdbbe371e24d2f505965732885 2726758 apache2-doc_2.4.10-10+deb8u8_all.deb
34c6c78fb9dedc2d644e49ebea7e2419034a84b7 282096 apache2-dev_2.4.10-10+deb8u8_amd64.deb
cfb7275aa2d70c5f8f625e45411716759035059f 1710146 apache2-dbg_2.4.10-10+deb8u8_amd64.deb
Checksums-Sha256:
c20dc666e6192c3db716e1dfb60afed3248aabd9a2d3232301a11fe8d936dac6 3277 apache2_2.4.10-10+deb8u8.dsc
352be8c8245c162a9d97cf167a904fd1684904ffede565f23a654935701b40fa 555484 apache2_2.4.10-10+deb8u8.debian.tar.xz
a09d2b7bfd971095922fc3ca589cc0501aabdfc0755791bacf012d16b300c103 1154 libapache2-mod-proxy-html_2.4.10-10+deb8u8_amd64.deb
e2bde29696b975a927f7a3e725ba0b6901304394737efcfc412f18e0dd944ff1 1144 libapache2-mod-macro_2.4.10-10+deb8u8_amd64.deb
d67bc2f70311b241f31cced37b44fa85e9ab2dc98f87d944151fcd3ba5032b82 207864 apache2_2.4.10-10+deb8u8_amd64.deb
73fe8d7cb2fe67a0c752f1cd5e2c1a940ead1f0ec8583c626234e120ee7699d1 162406 apache2-data_2.4.10-10+deb8u8_all.deb
18bd449c9e26a22cf29efde7de14b879127e3c3d73d1ebaf3ac09c3bdf1313ca 1038126 apache2-bin_2.4.10-10+deb8u8_amd64.deb
8e8fc08d0cbff2e6fc58bddf80badda224cfd3c504a739e69497c0ae266cdc33 1512 apache2-mpm-worker_2.4.10-10+deb8u8_amd64.deb
fb826d2dfb5bc995ddd4b3b31fecebf1ecc596d119ab8346fe3d54d604c5d18a 1516 apache2-mpm-prefork_2.4.10-10+deb8u8_amd64.deb
e756d82ab7111a9c76291c91e344bbbddc0d9945704ad42f1140af0594c74cad 1520 apache2-mpm-event_2.4.10-10+deb8u8_amd64.deb
85a6d3d41de34be86a4acb810a24e72da2a7a9efb554fc173807f75329b3f448 1516 apache2-mpm-itk_2.4.10-10+deb8u8_amd64.deb
7e80bcb3c4f2d2ed6afaa049fb4130d55653470750300e8fc3adb5434a39e2e7 1700 apache2.2-bin_2.4.10-10+deb8u8_amd64.deb
8b08c3c976c8c7b35f7a76d6176a174eb1d801622e7973a689d29cece825b1bd 125296 apache2.2-common_2.4.10-10+deb8u8_amd64.deb
751cbf16fde465da8fdc31f860c54f5487eb2ac582c9a5097611a99bb020a7b4 195542 apache2-utils_2.4.10-10+deb8u8_amd64.deb
82e308b5fef7d26dad6d382e020a270f8cf5572bc05c1950b5d64e0b59d0a67f 1658 apache2-suexec_2.4.10-10+deb8u8_amd64.deb
e54bfb362c72af14a64b6eb0b7da3fb48594d51fb6fddf4b6b0b53215399d17b 130468 apache2-suexec-pristine_2.4.10-10+deb8u8_amd64.deb
f56682e5b498f42b90bce546eb6eadba4c54618c6147e560c8fceee175172c35 132000 apache2-suexec-custom_2.4.10-10+deb8u8_amd64.deb
4515cffae66cee5417f262d6435de8b861db875e461de2a4a647a1419c878935 2726758 apache2-doc_2.4.10-10+deb8u8_all.deb
9f885bb62dc21af34dbc4985911b472c1d6154af4288b9f68a24aca148c4c19c 282096 apache2-dev_2.4.10-10+deb8u8_amd64.deb
7c5975cfbc1d1c3c9f60d2b9d427bef11dbead146ad0325c1dc8336d08731df0 1710146 apache2-dbg_2.4.10-10+deb8u8_amd64.deb
Files:
4cc0006932cbdb7a2597691505f39424 3277 httpd optional apache2_2.4.10-10+deb8u8.dsc
7d43a85707568321b98305fe61e386d5 555484 httpd optional apache2_2.4.10-10+deb8u8.debian.tar.xz
3e47646cf09cb400f9ffc4a91a8e76c3 1154 oldlibs extra libapache2-mod-proxy-html_2.4.10-10+deb8u8_amd64.deb
589d68b12b551813914a86abd4e357c8 1144 oldlibs extra libapache2-mod-macro_2.4.10-10+deb8u8_amd64.deb
4d062041edc9d16d7b51483ae6040549 207864 httpd optional apache2_2.4.10-10+deb8u8_amd64.deb
032b846217bde330e468287fe1641f9b 162406 httpd optional apache2-data_2.4.10-10+deb8u8_all.deb
d5f0daa9b346b8e0ce9260e09299dd47 1038126 httpd optional apache2-bin_2.4.10-10+deb8u8_amd64.deb
9fb3b665a27206c7e38bcab206e13cbf 1512 oldlibs extra apache2-mpm-worker_2.4.10-10+deb8u8_amd64.deb
7051fe995c6774171c816a4155a60753 1516 oldlibs extra apache2-mpm-prefork_2.4.10-10+deb8u8_amd64.deb
e82aa67838c581d8217795dd6dbcb614 1520 oldlibs extra apache2-mpm-event_2.4.10-10+deb8u8_amd64.deb
02087a3aca5137b2dfa84a16e798335f 1516 oldlibs extra apache2-mpm-itk_2.4.10-10+deb8u8_amd64.deb
d75e14ca2236e25011f677c317d41860 1700 oldlibs extra apache2.2-bin_2.4.10-10+deb8u8_amd64.deb
8f563c18f007dd36905c45b957ebad2b 125296 oldlibs extra apache2.2-common_2.4.10-10+deb8u8_amd64.deb
7e6e33847d9ec6e7ca1d810e54d2e335 195542 httpd optional apache2-utils_2.4.10-10+deb8u8_amd64.deb
d8e34574d2f54e31c5a27d1f2167184d 1658 oldlibs extra apache2-suexec_2.4.10-10+deb8u8_amd64.deb
0f6146529311b60fdf76414c8216b31d 130468 httpd optional apache2-suexec-pristine_2.4.10-10+deb8u8_amd64.deb
a711b33267a0a4ea94c57206ea37316e 132000 httpd extra apache2-suexec-custom_2.4.10-10+deb8u8_amd64.deb
c5d33425a0d9f021d0b39df527b4634a 2726758 doc optional apache2-doc_2.4.10-10+deb8u8_all.deb
48cbfda3a06e3ecafe6f13a4454a03cd 282096 httpd optional apache2-dev_2.4.10-10+deb8u8_amd64.deb
fbe93f7d4eacb7f4dc3e2b24c2f69b84 1710146 debug extra apache2-dbg_2.4.10-10+deb8u8_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAliwgxsACgkQxodfNUHO
/eBCGBAAuEZC4ZPOU3jSpchWD0d9mt4I7YijN3Ao+fMcnM4S/woj3iLQCbJU7ThI
yjij9vDtspnRPIriGf1iECmXrye421KvEZ9wMFWZlmcManV/vSr+1vKqPK8ngN2+
GR+SookKOpeSJmtfbZn8H1qPF8ZMfwbU3SAsaCFQrW3rJjLwLHy3OZOEasrerXTq
w/04coSJLQXpBkhELLY3q7VPtjh8F5a6wrzYp41emg5QIIMAmYVXv2nf5XBpmx8R
cKhAB0f1Rg+0X0TGq+cKR6KPTwF5bCocM7A6QsXUliguFc+Th8LCkE6tovRW9miH
XbzSTcNPTKhc7ou60rkPYQKxy8ifTnG1lLjnOdz6GdFSgtU0/kXTBVp20uCzzzD2
oiNT4HucABG68evQoc6CGUzQpqVD5iibl1RzUHCsu4+7QaKSQz+ZsXkwRrLpVuOY
pNdjURtjuG5/LzjbmgJCOsk0wxJ8q0XxO6W9ikprSqxGsAZdoY2pdzY+ZB0HeQC5
wmPouIqjN+S/8eZdhm+Q+oowZHtauO+0U+n4MontTuxPqWpmej+UZQo/beyjuJay
Ty3mToyBayIa8ZVdEUv2k/FA25c+pVrSHxfc9chHqd57kuBN8Rok6pb00+aadBR1
N2IDFHdP8B8ryOL718fVuyrGszF0nIKJLjoOpioFPq6VbAQOb1I=
=9/uL
-----END PGP SIGNATURE-----