Accepted apache2 2.4.38-3+deb10u10 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted apache2 2.4.38-3+deb10u10 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 24 Apr 2023 20:30:21 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: apache2_2.4.38-3+deb10u10_source.changes
- Debian-source: apache2
- Debian-suite: oldstable
- Debian-version: 2.4.38-3+deb10u10
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=cl+pT+zmshpSRWLGEiv+EDrZ3YHRSF4mxp60enkkVIA=; b=et3lG7nN+jAR5m7Aaw7ZmOwGCG WZ9XOEwSwO3pGnz5DrmtKiIxadLJAStnKyrHUb73qKbXuYdHZW5XR6XDJyg3HIOoONPs6YYsJuFAz DIHkSjgambBIpjFPJEd8SCn2J9w0JddP/facymC8+MiMmaeT19hVioXySFnmIIoLLe0oZ4m3xtJLa cazMEgh61ccx+oac+ddNN0mgJgUArNDbC0Id3Pvz0qFRnoA/N4IKN/16VP618V4p2QjPSzRAEvm+1 aHR/GKuNE8HyqtIdunA4Oi/vrnNfcQPUS7UgzOfKH5OM6B8GQsEA86Q5y3L3rxtIWcJmooWbgLok2 R9GUfzxw==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pr2pJ-00DhRd-35@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 Apr 2023 22:01:00 +0000
Source: apache2
Architecture: source
Version: 2.4.38-3+deb10u10
Distribution: buster-security
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1032476
Changes:
apache2 (2.4.38-3+deb10u10) buster-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* CVE-2023-27522: HTTP Response Smuggling in mod_proxy_uwsgi
(Closes: #1032476)
* CVE-2023-25690: Some mod_proxy configurations allow a HTTP
Request Smuggling attack. Configurations are affected
when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL)
data and is then re-inserted into the proxied request-target
using variable substitution. (Closes: #1032476)
* Backport perl-framework testsuite from sid
* Backport regression fix for CVE-2023-25690
Checksums-Sha1:
1b44c2b9bf4495c76605ba6f996f23c2721cdee5 3363 apache2_2.4.38-3+deb10u10.dsc
e06ec00b95fee8b9db13abc0daaf58e8098a8d54 1104408 apache2_2.4.38-3+deb10u10.debian.tar.xz
e72705fd292ebee852dc7f87acc8774fc29eb2b4 12190 apache2_2.4.38-3+deb10u10_amd64.buildinfo
Checksums-Sha256:
c6ae667395293ef81a94bf83a4cdb08781af467959740e40aa266cf609f111ad 3363 apache2_2.4.38-3+deb10u10.dsc
3ee2646e17bcb20b7dd7932b13b839dcc2a7c4e14472c502004d8acbf95f7798 1104408 apache2_2.4.38-3+deb10u10.debian.tar.xz
1de97254084db618e5366a2aa901223805d2c1b1118e12a3d2dce7117df9719b 12190 apache2_2.4.38-3+deb10u10_amd64.buildinfo
Files:
c00a35d7fe9e8c7a0cfbdd7c4e4f29bc 3363 httpd optional apache2_2.4.38-3+deb10u10.dsc
8bf613c2924497120933a00cae3ce06c 1104408 httpd optional apache2_2.4.38-3+deb10u10.debian.tar.xz
de75603fba43ceb688e4d188a84c1f78 12190 httpd optional apache2_2.4.38-3+deb10u10_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmRG5AIRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+wBhAAsaVhPkAZ0U18xs9yAcXsqxORSNxutSGV
6/zqZx17Czgs0kN+xnhV7rkwCiclDQPgmfoUisUuLR/bRxiskXiUxKu6/d2AQo78
YmbqyzlFry3uCZCxKg+XKP0why8YgD+TGTjr8jH1fyZwyTeliYCTgTJrUOllMLy1
BQjGBwNVad/G57pczKqyqFUPOLnxHri3UdwM0U8Yo5DhqWdjQ8y/+uZbRVEiVJ9U
FfaRW8Adjq3mDn6MPpv1kxopIliyvRQaNAI++hwiPhePuWhl78bpOelujPlJvM36
f3SWnZQbAUt6JXnGqTe+iHRTb1Id+CuQf12szsSr5LdpnXPWdKyiWBX67i18O0gZ
+kd5FGIX/8CGFCMGtY39u5KCWtIZEGQ5gGNHJWE9e/bmAHMhCoyMDz52FNv2MLI3
TtO1CjiQTh6T25cJa9VTMXkKitsNMmi25EblM5tI4iAcpXvUhJaa56TJ3RZVwg90
u6odsdyU3t74xMv0p3huQ9iUZr/XCV0ZtB5aIrgC3KT7hI3HVckGhAlrYgSHNJXU
HRVf5CxNkEV9eY16mF1dPXw7Zz0elNah7YvuDqGEAmpuy0MaWaL+BK+ICxY8HGyz
UXKuI38uOuwnSl+rmJS4k36sdG0Wmhq9fkVXEXsGb20QV+fGz3UJ4v0xm4cXOrmK
ypzkWhgJ308=
=y111
-----END PGP SIGNATURE-----