[apache2] branch jessie updated (bcac165 -> fd4821e)

Stefan Fritsch sf at moszumanska.debian.org
Sat Mar 31 09:46:39 UTC 2018 

This is an automated email from the git hooks/post-receive script.

sf pushed a change to branch jessie
in repository apache2.

      from  bcac165   Import 2.4.10-10+deb8u11 security update
       new  ea64da1   CVE-2017-15710: mod_authnz_ldap
       new  ca20296   CVE-2017-15715: <FilesMatch> bypass with a trailing newline
       new  8590c62   CVE-2018-1283: Tampering of mod_session data for CGI applications
       new  f6824e7   CVE-2018-1301: out of bound read after failure in reading HTTP request
       new  f78c6a8   CVE-2018-1303: Possible out of bound read in mod_cache_socache
       new  3c82394   CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
       new  fd4821e   release 2.4.10-10+deb8u12

The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog                                   |  18 +
 debian/patches/CVE-2017-15710-mod_authnz_ldap.diff |  21 ++
 .../patches/CVE-2017-15715-regex-line-endings.diff | 197 ++++++++++
 debian/patches/CVE-2018-1283-mod_session.diff      |  25 ++
 ...-2018-1301-HTTP-request-read-out-of-bounds.diff | 197 ++++++++++
 .../CVE-2018-1303-mod_cache_socache-oob.diff       |  14 +
 .../CVE-2018-1312-mod_auth_digest-nonce.diff       | 399 +++++++++++++++++++++
 debian/patches/series                              |   6 +
 8 files changed, 877 insertions(+)
 create mode 100644 debian/patches/CVE-2017-15710-mod_authnz_ldap.diff
 create mode 100644 debian/patches/CVE-2017-15715-regex-line-endings.diff
 create mode 100644 debian/patches/CVE-2018-1283-mod_session.diff
 create mode 100644 debian/patches/CVE-2018-1301-HTTP-request-read-out-of-bounds.diff
 create mode 100644 debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
 create mode 100644 debian/patches/CVE-2018-1312-mod_auth_digest-nonce.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list