[apache2] branch stretch updated (aac953c -> 1947e1a)
Stefan Fritsch
sf at moszumanska.debian.org
Sat Mar 31 09:17:24 UTC 2018
This is an automated email from the git hooks/post-receive script.
sf pushed a change to branch stretch
in repository apache2.
from aac953c import 2.4.25-3+deb9u3 security update
new 5ce2d82 refresh line numbers in patch
new 7ec3901 CVE-2017-15710: mod_authnz_ldap
new 0f01b95 CVE-2017-15715: <FilesMatch> bypass with a trailing newline
new 9f7b280 CVE-2018-1283: Tampering of mod_session data for CGI applications
new 3542942 CVE-2018-1301: out of bound read after failure in reading HTTP request
new 01e4c11 CVE-2018-1303: Possible out of bound read in mod_cache_socache
new 5714ce3 CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
new 1947e1a release 2.4.25-3+deb9u4
The 8 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
debian/changelog | 18 +
debian/patches/CVE-2017-15710-mod_authnz_ldap.diff | 21 ++
.../patches/CVE-2017-15715-regex-line-endings.diff | 199 ++++++++++
debian/patches/CVE-2018-1283-mod_session.diff | 25 ++
...-2018-1301-HTTP-request-read-out-of-bounds.diff | 197 ++++++++++
.../CVE-2018-1303-mod_cache_socache-oob.diff | 14 +
.../CVE-2018-1312-mod_auth_digest-nonce.diff | 399 +++++++++++++++++++++
...ow-Methods-registration-at-run-time-.htac.patch | 11 +-
debian/patches/series | 6 +
9 files changed, 882 insertions(+), 8 deletions(-)
create mode 100644 debian/patches/CVE-2017-15710-mod_authnz_ldap.diff
create mode 100644 debian/patches/CVE-2017-15715-regex-line-endings.diff
create mode 100644 debian/patches/CVE-2018-1283-mod_session.diff
create mode 100644 debian/patches/CVE-2018-1301-HTTP-request-read-out-of-bounds.diff
create mode 100644 debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
create mode 100644 debian/patches/CVE-2018-1312-mod_auth_digest-nonce.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list