apache2 (2.4.7-1ubuntu4.22) trusty-security; urgency=medium
* SECURITY UPDATE: mod_session expiry time issue
- debian/patches/CVE-2018-17199-pre1.patch: properly handle sessions
that could not be decoded in modules/session/mod_session.c.
- debian/patches/CVE-2018-17199.patch: always decode session attributes
early in modules/session/mod_session.c.
- CVE-2018-17199
* SECURITY UPDATE: mod_auth_digest access control bypass
- debian/patches/CVE-2019-0217.patch: fix a race condition in
modules/aaa/mod_auth_digest.c.
- CVE-2019-0217
* SECURITY UPDATE: URL normalization inconsistincy
- debian/patches/CVE-2019-0220-1.patch: merge consecutive slashes in
the path in include/http_core.h, include/httpd.h, server/core.c,
server/request.c, server/util.c.
- debian/patches/CVE-2019-0220-2.patch: fix r->parsed_uri.path safety
in server/request.c, server/util.c.
- debian/patches/CVE-2019-0220-3.patch: maintainer mode fix in
server/util.c.
- CVE-2019-0220
apache2 (2.4.7-1ubuntu4.21) trusty; urgency=medium
* d/p/AuthzProviderAlias-visibility.patch: Allow <AuthzProviderAlias>'es
to be seen from auth stanzas under virtual hosts (LP: #1529355)
Date: 2019-04-03 18:03:12.470620+00:00
Changed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.22
Sorry, changesfile not available.
--
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/trusty-changes
