Back to apache2 PTS page

Accepted apache2 2.4.25-3+deb9u11 (source) into oldoldstable

To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
Subject: Accepted apache2 2.4.25-3+deb9u11 (source) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 02 Oct 2021 15:30:12 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1mWgxo-0002K8-4O@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 Oct 2021 15:27:55 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: source
Version: 2.4.25-3+deb9u11
Distribution: stretch-security
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.25-3+deb9u11) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2021-34798: malformed requests may cause the server to dereference
     a NULL pointer.
   * CVE-2021-39275: ap_escape_quotes() may write beyond the end of a
     buffer when given malicious input. No included modules pass untrusted
     data to these functions, but third-party / external modules may.
   * CVE-2021-40438: a crafted request uri-path can cause mod_proxy to
     forward the request to an origin server choosen by the remote user.
Checksums-Sha1:
 06062488c85dacdd01f6f045483484dd5cd6f728 2990 apache2_2.4.25-3+deb9u11.dsc
 a00823861ea92e2b8803c2343a4203cc6b2b17c6 821216 apache2_2.4.25-3+deb9u11.debian.tar.xz
 3a42f4ad337f118340d9e463e6203f2ec257ce80 9546 apache2_2.4.25-3+deb9u11_amd64.buildinfo
Checksums-Sha256:
 21c276d0d54ad0d3882793f0254e5d471f83d07f7c31a5a7b4b35c5f4b465cc6 2990 apache2_2.4.25-3+deb9u11.dsc
 52b8447a3901baf57971df2c0c71b14f17e9b737b746c5e369185d74707125b3 821216 apache2_2.4.25-3+deb9u11.debian.tar.xz
 9ef2214514e620936435cb8a41bf04a6c2333ddff55b125a1e409708b1273a12 9546 apache2_2.4.25-3+deb9u11_amd64.buildinfo
Files:
 11dc7d008bce8ffdd233f54f56b0079a 2990 httpd optional apache2_2.4.25-3+deb9u11.dsc
 6166de4385f74dc3cdd7a2da3d15aa5f 821216 httpd optional apache2_2.4.25-3+deb9u11.debian.tar.xz
 79fcaa5d17fa338eafe49c84678e11ae 9546 httpd optional apache2_2.4.25-3+deb9u11_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmFYdrUACgkQDTl9HeUl
XjDQPBAAooETaPMDv5OqMaknA91uO5ZCuXJKer9liEbI8wTZnVE23VEmtvV7pHqd
ui3aUJJpaARrn+E4SyTo4rZCO72xxPD/G8U8ClzoYDDoBT6rugtUI768TwzodAVX
bVW1gtQHoPtTn87txGwfgjjI+7YuYNISN2W74qrpBQbH6RjgrP1lAhiKD5ksvv7j
ZDiQlgkKi1emFOtBgWXGji2mkmRQUVbkZlAxswLon4UXYyo+83JYlyT9syPBRuz0
J/UKIpFmuyYxaMyCBdLuuPsYjKTpv7e1Gg7AfzBe+6tG34yBzFnzzfGLWn+tWeyv
QV4OWVd+xzs9vxVkN12yNvwaJsZDBs4DLfvtTaR9F2eC/eEXiol1N5R+NSuk+F5g
joXnpC12J+dhOy5CvAf84NLQl9OTDcRLYVPng1VYiPRKW0jXrV318kL4mSdrcsOM
HsoVyHWKkvrXUfdnyo6O3MZ25HUOsZyT0LM08QyXK2yNSag8tuFEECHtVV1Bc4T0
Ljp6vbrFICdGuIksDwTqULNM0piejajVsuKcpiShovzAVMK6uZIRT6krihyR09Tl
SCfIkGBo+MgXprTl5s8EJY2SJFDmw6L6oNL5iNYpissCLrsJ6bYFxhxsr7CaC8nC
pX/oN/TziCQlE7jj/MBQyyR0jCFa28FFkkZQ4awlbSPfd9rUHtk=
=Z+UX
-----END PGP SIGNATURE-----