[apache2] 04/04: add changelog for 2.4.33

Stefan Fritsch sf at moszumanska.debian.org
Fri Mar 30 15:31:40 UTC 2018


This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch master
in repository apache2.

commit ce4485319e474a1544d15b0eaefbee6bc98f7e40
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Fri Mar 30 17:30:34 2018 +0200

    add changelog for 2.4.33
---
 debian/changelog | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 0eed8c2..82f19c1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,37 @@
+apache2 (2.4.33-1) UNRELEASED; urgency=medium
+
+  * New upstream version.
+    - SECURITY: CVE-2017-15710
+      Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
+    - SECURITY: CVE-2018-1283
+      mod_session: CGI-like applications that intend to read from mod_session's
+      'SessionEnv ON' could be fooled into reading user-supplied data instead.
+    - SECURITY: CVE-2018-1303
+      mod_cache_socache: Fix request headers parsing to avoid a possible crash
+      with specially crafted input data.
+    - SECURITY: CVE-2018-1301
+      core: Possible crash with excessively long HTTP request headers.
+      Impractical to exploit with a production build and production LogLevel.
+    - SECURITY: CVE-2017-15715
+      core: Configure the regular expression engine to match '$' to the end of
+      the input string only, excluding matching the end of any embedded
+      newline characters. Behavior can be changed with new directive
+      'RegexDefaultOptions'.
+    - SECURITY: CVE-2018-1312
+      mod_auth_digest: Fix generation of nonce values to prevent replay
+      attacks across servers using a common Digest domain. This change
+      may cause problems if used with round robin load balancers. PR 54637
+    - SECURITY: CVE-2018-1302
+      mod_http2: Potential crash w/ mod_http2.
+    - mod_md: new experimental, module for managing domains across virtual
+      hosts, implementing the Let's Encrypt ACMEv1 protocol to signup and
+      renew certificates.
+    - core: silently ignore a not existent file path when IncludeOptional
+      is used. Closes: #878920
+
+
+ -- Stefan Fritsch <sf at debian.org>  Fri, 30 Mar 2018 17:16:15 +0200
+
 apache2 (2.4.29-2) unstable; urgency=medium
 
   * Add myself to Uploaders
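
Review bot: the CVE-2018-1312 entry warns that the nonce change "may cause problems if used with round robin load balancers" but does not say what an administrator running mod_auth_digest behind such a balancer should expect or do after upgrading. Because this is a behaviour change shipped inside a security fix, state the symptom and the remedy in the entry or point to a NEWS.Debian item, the way the CVE-2017-15715 entry names 'RegexDefaultOptions' as the setting that restores the old behaviour. Smaller points in the same stanza: "new experimental, module" has a stray comma, "not existent file path" reads better as "nonexistent file path", and there are two empty "+" lines before the trailer line where one is enough.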

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git


