[apache2] branch jessie updated (bcac165 -> fd4821e)
Stefan Fritsch
sf at moszumanska.debian.org
Sat Mar 31 09:46:39 UTC 2018
This is an automated email from the git hooks/post-receive script.
sf pushed a change to branch jessie
in repository apache2.
from bcac165 Import 2.4.10-10+deb8u11 security update
new ea64da1 CVE-2017-15710: mod_authnz_ldap
new ca20296 CVE-2017-15715: <FilesMatch> bypass with a trailing newline
new 8590c62 CVE-2018-1283: Tampering of mod_session data for CGI applications
new f6824e7 CVE-2018-1301: out of bound read after failure in reading HTTP request
new f78c6a8 CVE-2018-1303: Possible out of bound read in mod_cache_socache
new 3c82394 CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
new fd4821e release 2.4.10-10+deb8u12
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
debian/changelog | 18 +
debian/patches/CVE-2017-15710-mod_authnz_ldap.diff | 21 ++
.../patches/CVE-2017-15715-regex-line-endings.diff | 197 ++++++++++
debian/patches/CVE-2018-1283-mod_session.diff | 25 ++
...-2018-1301-HTTP-request-read-out-of-bounds.diff | 197 ++++++++++
.../CVE-2018-1303-mod_cache_socache-oob.diff | 14 +
.../CVE-2018-1312-mod_auth_digest-nonce.diff | 399 +++++++++++++++++++++
debian/patches/series | 6 +
8 files changed, 877 insertions(+)
create mode 100644 debian/patches/CVE-2017-15710-mod_authnz_ldap.diff
create mode 100644 debian/patches/CVE-2017-15715-regex-line-endings.diff
create mode 100644 debian/patches/CVE-2018-1283-mod_session.diff
create mode 100644 debian/patches/CVE-2018-1301-HTTP-request-read-out-of-bounds.diff
create mode 100644 debian/patches/CVE-2018-1303-mod_cache_socache-oob.diff
create mode 100644 debian/patches/CVE-2018-1312-mod_auth_digest-nonce.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list