[ubuntu/xenial-security] apache2 2.4.18-2ubuntu3.17 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Aug 13 14:17:05 UTC 2020
apache2 (2.4.18-2ubuntu3.17) xenial-security; urgency=medium
* SECURITY UPDATE: mod_rewrite redirect issue
- debian/patches/CVE-2020-1927-1.patch: factor out default regex flags
in include/ap_regex.h, server/core.c, server/util_pcre.c.
- debian/patches/CVE-2020-1927-2.patch: add AP_REG_NO_DEFAULT to allow
opt-out of pcre defaults in include/ap_regex.h,
modules/filters/mod_substitute.c, server/util_pcre.c,
server/util_regex.c.
- CVE-2020-1927
* SECURITY UPDATE: mod_proxy_ftp uninitialized memory issue
- debian/patches/CVE-2020-1934.patch: trap bad FTP responses in
modules/proxy/mod_proxy_ftp.c.
- CVE-2020-1934
apache2 (2.4.18-2ubuntu3.16) xenial; urgency=medium
* On Linux, use pthread mutexes. On kfreebsd/hurd, continue using
fctnl because they lack robust pthread mutexes.
(LP: #1565744)
apache2 (2.4.18-2ubuntu3.15) xenial; urgency=medium
* d/p/lp-1875299-Merge-r1688399-from-trunk.patch: use r_useragent_addr as
the root trusted address (LP: #1875299)
apache2 (2.4.18-2ubuntu3.14) xenial; urgency=medium
* Backport mod_reqtimeout with handshake support (LP: #1846138)
- d/p/0001-mod-reqtimeout-revent-long-response-times.patch
- d/p/0002-mod_reqtimeout-fix-body-timeout-disabling-for-CONNECT-request.patch
- d/p/0003-mod_reqtimeout-Merge-r1853901-r1853906-r1853908-r1853929-r1853935-r.patch
Date: 2020-08-13 01:32:12.809912+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.17
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list