[apache2] branch stretch updated (aac953c -> 1947e1a)

Stefan Fritsch sf at moszumanska.debian.org
Sat Mar 31 09:17:24 UTC 2018 

This is an automated email from the git hooks/post-receive script.

sf pushed a change to branch stretch
in repository apache2.

      from  aac953c   import 2.4.25-3+deb9u3 security update
       new  5ce2d82   refresh line numbers in patch
       new  7ec3901   CVE-2017-15710: mod_authnz_ldap
       new  0f01b95   CVE-2017-15715: <FilesMatch> bypass with a trailing newline
       new  9f7b280   CVE-2018-1283: Tampering of mod_session data for CGI applications
       new  3542942   CVE-2018-1301: out of bound read after failure in reading HTTP request
       new  01e4c11   CVE-2018-1303: Possible out of bound read in mod_cache_socache
       new  5714ce3   CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
       new  1947e1a   release 2.4.25-3+deb9u4

The 8 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog                                   |  18 +
 debian/patches/CVE-2017-15710-mod_authnz_ldap.diff |  21 ++
 .../patches/CVE-2017-15715-regex-line-endings.diff | 199 ++++++++++
 debian/patches/CVE-2018-1283-mod_session.diff      |  25 ++
 ...-2018-1301-HTTP-request-read-out-of-bounds.diff | 197 ++++++++++
 .../CVE-2018-1303-mod_cache_socache-oob.diff       |  14 +
 .../CVE-2018-1312-mod_auth_digest-nonce.diff       | 399 +++++++++++++++++++++
 ...ow-Methods-registration-at-run-time-.htac.patch |  11 +-
 debian/patches/series                              |   6 +
 9 files changed, 882 insertions(+), 8 deletions(-)
 create mode 100644 debian/patches/CVE-2017-15710-mod_authnz_ldap.diff
 create mode 100644 debian/patches/CVE-2017-15715-regex-line-endings.diff
 create mode 100644 debian/patches/CVE-2018-1283-mod_session.diff
 create mode 100644 debian/patches/CVE-2018-1301-HTTP-request-read-out-of-bounds.diff
 create mode 100644 debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
 create mode 100644 debian/patches/CVE-2018-1312-mod_auth_digest-nonce.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list