-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 04 Oct 2024 15:21:08 +0000 Source: apache2 Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-dev apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: amd64 Version: 2.4.62-1~deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Bastien Roucariès Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-dev - Apache HTTP Server (development headers) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Closes: 1079172 1079206 Changes: apache2 (2.4.62-1~deb12u2) bookworm-security; urgency=medium . * Fix CVE-2024-38474 regression: Better question mark tracking to avoid UnsafeAllow3F (Closes: #1079172) * Fix CVE-2024-39884 regression: Trust strings from configuration in mod_proxy (Closes: #1079206) * Add myself as maintainer with Yadd agreement Checksums-Sha1: c937db6318c2e18455d0c4860979b9d8fd97f212 3748508 apache2-bin-dbgsym_2.4.62-1~deb12u2_amd64.deb 6a40168162ff455efb1600500dd49d9a0b771a0b 1386212 apache2-bin_2.4.62-1~deb12u2_amd64.deb cfa2e5fed25a8dbd045c3f9cf65e8327024f4db2 315552 apache2-dev_2.4.62-1~deb12u2_amd64.deb 185c78bf26c90b75687c89c8dbfb77d7b91cefc6 3140 apache2-ssl-dev_2.4.62-1~deb12u2_amd64.deb c6cb6800debde37096215acaedc5bcb1136f348f 12388 apache2-suexec-custom-dbgsym_2.4.62-1~deb12u2_amd64.deb a4ac34f9ee258298113b6e054f33b8f49d491a01 143232 apache2-suexec-custom_2.4.62-1~deb12u2_amd64.deb 4be04aba4cb427d8e54dd20758f9e55db0846e3a 11204 apache2-suexec-pristine-dbgsym_2.4.62-1~deb12u2_amd64.deb d69781ef6527165ef5788fbd194ba37a5a8848ad 141668 apache2-suexec-pristine_2.4.62-1~deb12u2_amd64.deb bea66c6ab949ed851a3dfc4f930eae33e8a93c47 115596 apache2-utils-dbgsym_2.4.62-1~deb12u2_amd64.deb 2a0cec8686efef41a7b3dc5ec1dc6f446b0095a8 209980 apache2-utils_2.4.62-1~deb12u2_amd64.deb b6883530b660f6e48cd4adc508f4110aa0606176 11654 apache2_2.4.62-1~deb12u2_amd64-buildd.buildinfo 75953d017ef04957b4ede92821567c99247c52a6 222756 apache2_2.4.62-1~deb12u2_amd64.deb 5b0a2d2b2137de8a2190ca8f7eb3be28ff017c18 948 libapache2-mod-md_2.4.62-1~deb12u2_amd64.deb 3eadbd9d9f6b47cc02d16cea935b263f58ced5f8 1136 libapache2-mod-proxy-uwsgi_2.4.62-1~deb12u2_amd64.deb Checksums-Sha256: a25bf93e0f50309f48563d0fb3f6247840b118894aa3c49b4db4118216c3e42a 3748508 apache2-bin-dbgsym_2.4.62-1~deb12u2_amd64.deb 3fb70393b682d444d0273778cebb70ca8d7156bd93dbeae4dba8f4864a846d7c 1386212 apache2-bin_2.4.62-1~deb12u2_amd64.deb c7e1f47fc9cb232be8dfc3ef04e58087e7244f85cc20fcf846710ed898d19218 315552 apache2-dev_2.4.62-1~deb12u2_amd64.deb 5082c9465d3563b4c1106ea326964479abe543b3ca328a97dacf552401e15d73 3140 apache2-ssl-dev_2.4.62-1~deb12u2_amd64.deb 355e0ec44a16d133746be379ac8f01d174767a1f4325c35ab2227caa980bc292 12388 apache2-suexec-custom-dbgsym_2.4.62-1~deb12u2_amd64.deb f7199ff6693b44cd3229d558a96a38d3a405830c7fe0ed78395b9eeff8dc1072 143232 apache2-suexec-custom_2.4.62-1~deb12u2_amd64.deb b88f9c0642f52c4735fe64d23a2ccb90bbdffecd8e37674310f89bca2a71a2c6 11204 apache2-suexec-pristine-dbgsym_2.4.62-1~deb12u2_amd64.deb af7c76d38555704e5bb178cbe30d98959acdcbbdf37381593116c49fa8d23424 141668 apache2-suexec-pristine_2.4.62-1~deb12u2_amd64.deb e9e9fd4e167870bd89eb45c2114e8272d6aa3ffcf355db6838840f7ab8b98f1b 115596 apache2-utils-dbgsym_2.4.62-1~deb12u2_amd64.deb d32116078062310ff361956f774d13f8068819c4dcafe9118b74bbf380f704e6 209980 apache2-utils_2.4.62-1~deb12u2_amd64.deb da517567f521b9c98c8f94d25c13cb2f7627161ed2a3d9172f97de06bbc8f2d1 11654 apache2_2.4.62-1~deb12u2_amd64-buildd.buildinfo cb6c8a0d8637a2fe2ee0407d853d9f445676db1275ecd648f28780cd472c9f5d 222756 apache2_2.4.62-1~deb12u2_amd64.deb 66b917a3c1553de616b7b111bc67b1c2777e4ab924757ea49df8f30318c1e4ee 948 libapache2-mod-md_2.4.62-1~deb12u2_amd64.deb c2376cdc26d1be78eadf59fe17054e8f38b8120e5323d72544cf94383f149226 1136 libapache2-mod-proxy-uwsgi_2.4.62-1~deb12u2_amd64.deb Files: 0bba15ec799ca455e11a587bececd539 3748508 debug optional apache2-bin-dbgsym_2.4.62-1~deb12u2_amd64.deb 2770433a6452f4b92efb2631bab2aec6 1386212 httpd optional apache2-bin_2.4.62-1~deb12u2_amd64.deb 5ffeb26c24f8dc3529be14e278474c8e 315552 httpd optional apache2-dev_2.4.62-1~deb12u2_amd64.deb 3f7a6ea81286567c24ca23e28b76b0c0 3140 httpd optional apache2-ssl-dev_2.4.62-1~deb12u2_amd64.deb 2b260171198f037a7b7ae5c18fb7ba0c 12388 debug optional apache2-suexec-custom-dbgsym_2.4.62-1~deb12u2_amd64.deb 7e7f8a17a6cc7c4e666c69d52e5d021e 143232 httpd optional apache2-suexec-custom_2.4.62-1~deb12u2_amd64.deb 0b6c1e4b7f9331de5768742f202bfb23 11204 debug optional apache2-suexec-pristine-dbgsym_2.4.62-1~deb12u2_amd64.deb 38ca72e56b8c32209b969e4f472642e8 141668 httpd optional apache2-suexec-pristine_2.4.62-1~deb12u2_amd64.deb c06a6ff58d092068c31f2f1cfd884d17 115596 debug optional apache2-utils-dbgsym_2.4.62-1~deb12u2_amd64.deb 4ae8027eb9f48c214fa98269a56cc779 209980 httpd optional apache2-utils_2.4.62-1~deb12u2_amd64.deb ac18756e6997b447cb7e963bf94d09b3 11654 httpd optional apache2_2.4.62-1~deb12u2_amd64-buildd.buildinfo 7011a5a451c168d66a0b5ca408cea28f 222756 httpd optional apache2_2.4.62-1~deb12u2_amd64.deb 2c37191d3a2bd857f1748ab61d443223 948 oldlibs optional libapache2-mod-md_2.4.62-1~deb12u2_amd64.deb d5c4f89e4d58f45114625b735ad362a3 1136 oldlibs optional libapache2-mod-proxy-uwsgi_2.4.62-1~deb12u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgdRoRGwEM09wlaMzOni7ZmUpKEcFAmcAMmIACgkQOni7ZmUp KEfL5A//XGFI9OxVQ/Te9ZjoZNoFvgDB5ugT5ovajFa/Qpq19odpWc/lBJVV3mpz AYt1OLdo+evjybvpkNPI+3M2YuKMUSkTO83Nvzz2yzBJjbXhT9xttEG7cNc8p7IX WYL4eG9HzRvV2I8EKIIhsUmZGo8V6tQsJxSXP/4XJDikOxtWAIy6MvSC7kyQdW5Q s/ZSgTD++5a1N7gAiBsioousTeiMNVSIB2mEZSSMz//eQGZ9zvguThrOgFmWhkzl zH3OHA1EQG5rTmhmooW2PhmiS6k5Qq9FgytzyLMm2PyTdzaD5GlKE1x76h4Z6fGD pAC3C7VOsVfgXXoYbfu0yufgyQ2V127A6WvfVlr8lV8XybNEgTpGbmsP4E3vFx+p 3zt5OazlhACOAq4Z2XUiqZ8lcSY5ou7suVjBc6S8hqbec/cjc8lXgi9IvWCvy6qL EBXvoPImGgNhqJESyOkv1Hl8407pqTiCWwOf0Pa4RH4/utYjn1CCuHbK3WG9icnK BGncGl7bgww6/qH/lo7jd1mUN6q9TDTgBwlVTBq5+159w7Xj/MFQ/BEKARNjDdZb i4LDX/QojXXAs4Q/Xs7uzTUBjwhKFyMM4S09voJufq7TG+RqyrVL2hBLcMoQCioM A2GswTZfFh+D/t6JKhzrEPqQ5uke1KgTZu1Pmc1VKSl+ne/oDqQ= =9O95 -----END PGP SIGNATURE-----