Public bug reported: Upstream: 2.4.62 Debian: 2.4.62-3 2.4.62-4 Ubuntu: 2.4.62-1ubuntu1
Debian new has 2.4.62-4, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Jammy Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### apache2 (2.4.62-3) unstable; urgency=medium * Fix debian/changelog -- Bastien Roucariès <ro...@debian.org> Fri, 04 Oct 2024 13:35:02 +0000 apache2 (2.4.62-2) unstable; urgency=medium * Add myself as maintainer with yadd agreement. * Fix CVE-2024-38474 regression: Better question mark tracking to avoid UnsafeAllow3F (Closes: #1079172) * Fix CVE-2024-39884 regression: Trust strings from configuration in mod_proxy (Closes: #1079206) -- Bastien Roucariès <ro...@debian.org> Sun, 29 Sep 2024 18:47:03 +0000 apache2 (2.4.62-1) unstable; urgency=medium * New upstream version 2.4.62 (Closes: CVE-2024-40725, CVE-2024-40898) -- Yadd <y...@debian.org> Thu, 18 Jul 2024 06:56:52 +0400 apache2 (2.4.61-1) unstable; urgency=medium * New upstream version 2.4.61 (Closes: CVE-2024-39884) -- Yadd <y...@debian.org> Wed, 03 Jul 2024 19:22:29 +0400 apache2 (2.4.60-1) unstable; urgency=medium [ Bastien Roucariès ] * Forward port CVE-2023-25690 uwsgi tests * Fix depends of uwsgi test * Use python3 uwsgi plugin * Encode bytes for uwsgi test [ Bryce Harrington ] * Add UFW profile integration (Closes: #1071705) [Chris Murray] * Use https instead of http in doc (LP: #2045055) [ Yadd ] * Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701) * Update test framework * releasing package apache2 version 2.4.59-1~deb12u1 * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573) * Unfuzz patches -- Yadd <y...@debian.org> Mon, 01 Jul 2024 18:04:08 +0400 apache2 (2.4.59-2) unstable; urgency=medium * Breaks against fossil due to CVE-2024-24795 follows up -- Bastien Roucariès <ro...@debian.org> Mon, 29 Apr 2024 21:55:28 +0000 apache2 (2.4.59-1) unstable; urgency=medium [ Stefan Fritsch ] * Remove old transitional packages libapache2-mod-md and libapache2-mod-proxy-uwsgi. Closes: #1032628 [ Yadd ] * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564) * Refresh patches * New upstream version 2.4.59 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709) * Refresh patches * Update patches * Update test framework -- Yadd <y...@debian.org> Fri, 05 Apr 2024 08:08:11 +0400 apache2 (2.4.58-1) unstable; urgency=medium [ Bas Couwenberg ] * Provide dh-sequence-apache2 (Closes: #1050870) [ Yadd ] * Drop dependency to obsolete lsb-base * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802) * Refresh patches -- Yadd <y...@debian.org> Thu, 19 Oct 2023 14:56:29 +0400 apache2 (2.4.57-3) unstable; urgency=medium * Update a2enmod to drop given/when (Closes: #1050458) * Restore changes not included in Bookworm (set -e in apache2ctl) -- Yadd <y...@debian.org> Tue, 29 Aug 2023 11:39:32 +0400 apache2 (2.4.57-2) unstable; urgency=medium ### Old Ubuntu Delta ### apache2 (2.4.62-1ubuntu1) oracular; urgency=medium * Merge with Debian unstable (LP: #2077060). Remaining changes: - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm, d/source/include-binaries, d/t/check-ubuntu-branding: Replace Debian with Ubuntu on default homepage. (LP #1966004, LP #1947459) - d/apache2.py, d/apache2-bin.install: Add apport hook (LP #609177) - d/c/m/setenvif.conf, d/p/fix-dolphin-to-delete-webdav-dirs.patch: Add dolphin and Konqueror/5 careful redirection so that directories can be deleted via webdav. (LP #1927742) - d/debhelper/apache2-maintscript-helper: Allow execution when called from a postinst script through a trigger (i.e., postinst triggered). Thanks to Roel van Meer. (Closes: #1060450) (LP #2038912) - d/index.html, d/apache2.postrm: Fix https link to apache documentation. (LP #2045055) * Dropped: - d/control, d/apache2.install, d/apache2-utils.ufw.profile, d/apache2.dirs: Add ufw profiles (LP #261198) [Included in Debian 2.4.60-1] - d/control: Upgrade lua build dependency to 5.4 (LP #1910372) [Included in Debian 2.4.60-1] -- Bryce Harrington <br...@canonical.com> Thu, 15 Aug 2024 00:32:14 -0700 ** Affects: apache2 (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: apache2 (Ubuntu) Milestone: None => ubuntu-24.12 -- You received this bug notification because you are a member of Ubuntu Server/Client Support Team, which is subscribed to apache2 in Ubuntu. Matching subscriptions: Ubuntu Server/Client Support Team https://bugs.launchpad.net/bugs/2085206 Title: Merge apache2 from Debian unstable for jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2085206/+subscriptions -- Mailing list: https://launchpad.net/~enterprise-support Post to : enterprise-support@lists.launchpad.net Unsubscribe : https://launchpad.net/~enterprise-support More help : https://help.launchpad.net/ListHelp
