Back to apache2 PTS page

Accepted apache2 2.4.38-3+deb10u8 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted apache2 2.4.38-3+deb10u8 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 02 Aug 2022 20:16:13 +0000
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=EZ7g4Zgp73r7F6YJClQoDy4XXiHKUljJCR+tIjdVsGo=; b=Kdxa/0Re5V5KTNKa+A+qHbOhRc 2mZXsNALy9LunQMlibX45LUNiBiDtql5Q4FLZkocHG/d+ajjlhrzUN1BwevN0XNDRcjZWjd9hMH7+ zCqPZgzZxvAJ8dlLjuVg/4rLcu6QXMmIXuwW08EJ4HXZspNvUtIOOIH8DrkLjX+keMksylMA8L0F2 cBJxlOVsH0p5Av1u/I95KEpX5TauD2uiNOZWwGNcHLQfdl99G/6sjX21Y7NWfLSEYq6MK7O0x+Vck 8CcJAyt2B5qTXecX94YTJU6HvMEDrwN/Nv4sJTXwyJCyP00xLoUWq+KhR74+N9OIJnVtiU3BM8h4n m5rSxLfQ==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1oIyJJ-00CEDQ-C7@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jun 2022 15:03:00 -0400
Source: apache2
Architecture: source
Version: 2.4.38-3+deb10u8
Distribution: buster
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Changes:
 apache2 (2.4.38-3+deb10u8) buster; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2022-22719: denial of service in mod_lua via crafted request body.
   * CVE-2022-22720: HTTP request smuggling.
   * CVE-2022-22721: integer overflow leading to buffer overflow write.
   * CVE-2022-23943: heap memory overwrite via crafted data in mod_sed.
   * CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
   * CVE-2022-28614: read beyond bounds via ap_rwrite().
   * CVE-2022-28615: Read beyond bounds in ap_strcmp_match().
   * CVE-2022-29404: Denial of service in mod_lua r:parsebody.
   * CVE-2022-30522: mod_sed denial of service.
   * CVE-2022-30556: Information Disclosure in mod_lua with websockets.
   * CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism.
Checksums-Sha1:
 b7ccf6bd8ccaf574a7df701a0d6de0ed8fbaa772 3263 apache2_2.4.38-3+deb10u8.dsc
 edb6ca206de92cfd1f93dee1003da7c263167c0d 1092444 apache2_2.4.38-3+deb10u8.debian.tar.xz
 da8b2ea1362da5fcaba8074fd34518550df5b241 12091 apache2_2.4.38-3+deb10u8_amd64.buildinfo
Checksums-Sha256:
 756d7b64958ab5bbe1f4526518efdb096fda59418eb7d6a84e704557414bddbc 3263 apache2_2.4.38-3+deb10u8.dsc
 63d2e8fb0b2a148e1ebddc1ef57d90f97c1478e9dc6127fc8a63e52fd90b0d35 1092444 apache2_2.4.38-3+deb10u8.debian.tar.xz
 2a61c67ca9a4e3a112294d6e32b74791966bc7b2d3f6e13d3584eacca144ea66 12091 apache2_2.4.38-3+deb10u8_amd64.buildinfo
Files:
 e6ef4213da9d1a30eef9eb7acb0a5d04 3263 httpd optional apache2_2.4.38-3+deb10u8.dsc
 c690ddcb5867ac0281142dc51b226b10 1092444 httpd optional apache2_2.4.38-3+deb10u8.debian.tar.xz
 89f3f694f429b0162cb7adea67adac0d 12091 httpd optional apache2_2.4.38-3+deb10u8_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAmLDIZgACgkQldFmTdL1
kUKBBxAAqQpK96dq19GgCtY9xjFZbzgikF50UaugO8xyRRpjt2LPgIAKppUNDFMT
anJMxzIJgKX7FeK4dLXEgi06rTzlYf3MGb50GJ7guP4pLiHYGvMOx5HC7W7+7H+F
ZhGvlhWcR4ZoLxchZzklO9AvLd9Z9po9XhKj6yPfbv6s66DdTGpRAViTOI8XmaUR
KNpyhf3MhhYylYJfPh3Sb93LShFuWA3iR6y0zesLZDE3u3XKVmygOe3ee5TAP4ia
c233Bx2BUBXOZ3umNJgOMEfIriFmesrKVCoGjNIxRBX1QaY9CKF+Fib4td0k4tEE
0+TKsE5+HTB5v7mfkDcXE/0AmXJir5MkhtiUsfQLX+EmJ8sFn2gGsVjMMxZQd+v9
fTHWZrPDmg9ZvJDapXiNsquY0YbJ7F1U4iJj9csAc54ILmfmhs11PWhdqtHwTu09
nFzkm2ELaYdF2FuwR4G8YGs5orUphgfm3e0ZHbwnkiN0Krs/xOcMXoTwo94iPCOC
e9Je070LEw3vWT+dJaSB5lzzNiSg5Q54VomIM280O87ja8NVM2E8m5ZZZ6SfzqA5
PikjwYwePvndwd50WziCozaWWudUKFTD7ppTVpPJw3ckKkphkMQ9bSfYHN4WQYj4
Gs/F+k7qTQ4zHoBXs2jtdZ0WyBzsW3UhKtswY9n4zo7jp4yfo60=
=UHLo
-----END PGP SIGNATURE-----