[ubuntu/xenial-security] apache2 2.4.18-2ubuntu3.12 (Accepted)

[Steve Beattie]

apache2 (2.4.18-2ubuntu3.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Limited cross-site scripting in mod_proxy
    error page.
    - d/p/CVE-2019-10092-1.patch: Remove request details from built-in
      error documents.
    - d/p/CVE-2019-10092-2.patch: Add missing log numbers.
    - d/p/CVE-2019-10092-3.patch: mod_proxy: Improve XSRF/XSS
      protection.
    - CVE-2019-10092
  * SECURITY UPDATE: mod_rewrite potential open redirect.
    - d/p/CVE-2019-10098.patch: Set PCRE_DOTALL by default.
    - CVE-2019-10098

Date: 2019-08-26 14:35:14.763316+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.12
-------------- next part --------------
Sorry, changesfile not available.