[Bug 2045055] Re: link in default index.html should be HTTPS

2024-06-13 Thread Launchpad Bug Tracker 
This bug was fixed in the package apache2 - 2.4.59-2ubuntu2

---
apache2 (2.4.59-2ubuntu2) oracular; urgency=medium

  * d/index.html, d/apache2.postrm: Fix https link to apache documentation.
(LP: #2045055)

apache2 (2.4.59-2ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2064378). Remaining changes:
- d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm,
  d/source/include-binaries, d/t/check-ubuntu-branding: Replace
  Debian with Ubuntu on default homepage.
  (LP #1966004, LP #1947459)
- d/apache2.py, d/apache2-bin.install: Add apport hook
  (LP #609177)
- d/control, d/apache2.install, d/apache2-utils.ufw.profile,
  d/apache2.dirs: Add ufw profiles
  (LP #261198)
- d/control: Upgrade lua build dependency to 5.4
  (LP #1910372)
- d/c/m/setenvif.conf, d/p/fix-dolphin-to-delete-webdav-dirs.patch: Add
  dolphin and Konqueror/5 careful redirection so that directories can be
  deleted via webdav.
  (LP #1927742)
- d/debhelper/apache2-maintscript-helper: Allow execution when called from a
  postinst script through a trigger (i.e., postinst triggered).
  Thanks to Roel van Meer. (Closes: #1060450)
  (LP #2038912)
  * Dropped:
- d/p/CVE-2023-38709.patch: header validation after
  content-* are eval'ed in modules/http/http_filters.c.
  [Included in 2.4.59]
- HTTP Response Splitting in multiple modules
  + d/p/CVE-2024-24795.patch: let httpd handle CL/TE for
non-http handlers in include/util_script.h,
modules/aaa/mod_authnz_fcgi.c, modules/generators/mod_cgi.c,
modules/generators/mod_cgid.c, modules/http/http_filters.c,
modules/proxy/ajp_header.c, modules/proxy/mod_proxy_fcgi.c,
modules/proxy/mod_proxy_scgi.c, modules/proxy/mod_proxy_uwsgi.c.
  [Included in 2.4.59]
- HTTP/2 DoS by memory exhaustion on endless continuation frames
  + d/p/CVE-2024-27316.patch: bail after too many failed reads
in modules/http2/h2_session.c, modules/http2/h2_stream.c,
modules/http2/h2_stream.h.
  [Included in 2.4.59]

apache2 (2.4.59-2) unstable; urgency=medium

  * Breaks against fossil due to CVE-2024-24795 follows up

apache2 (2.4.59-1) unstable; urgency=medium

  [ Stefan Fritsch ]
  * Remove old transitional packages libapache2-mod-md and
libapache2-mod-proxy-uwsgi. Closes: #1032628

  [ Yadd ]
  * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
  * Refresh patches
  * New upstream version 2.4.59
(Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
  * Refresh patches
  * Update patches
  * Update test framework

 -- Bryce Harrington   Mon, 10 Jun 2024 23:04:49
+

** Changed in: apache2 (Ubuntu)
   Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38709

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-24795

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-27316

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2045055

Title:
  link in default index.html should be HTTPS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2045055/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2045055] Re: link in default index.html should be HTTPS

2024-05-23 Thread Launchpad Bug Tracker 
** Merge proposal linked:
   
https://code.launchpad.net/~bryce/ubuntu/+source/apache2/+git/apache2/+merge/466357

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2045055

Title:
  link in default index.html should be HTTPS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2045055/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2045055] Re: link in default index.html should be HTTPS

2024-05-23 Thread Chris Murray 
Have created a PR in Salsa for this - https://salsa.debian.org/apache-
team/apache2/-/merge_requests/41/

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2045055

Title:
  link in default index.html should be HTTPS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2045055/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2045055] Re: link in default index.html should be HTTPS

2024-05-22 Thread Bryce Harrington 
We already maintain index.html due to branding, and fixing the https
link adds little to that.  I agree this should go to Debian since the
same issue affects them as well, but meanwhile it makes sense to me to
fix in Ubuntu.

** Changed in: apache2 (Ubuntu)
   Importance: Wishlist => Low

** Changed in: apache2 (Ubuntu)
 Assignee: (unassigned) => Bryce Harrington (bryce)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2045055

Title:
  link in default index.html should be HTTPS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2045055/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs