Commits · jessie · Apache packaging team / apache2

03 Apr, 2019 3 commits
- CVE-2019-0220: URL normalization inconsistincy · 59bf1626
  Jonas Meurer authored Apr 03, 2019
  
  59bf1626
- CVE-2019-0217: mod_auth_digest: Access control bypass · a8ca7748
  Jonas Meurer authored Apr 03, 2019
  
  a8ca7748
- Import Debian changes 2.4.10-10+deb8u13 · dc9beb21
  Thorsten Alteholz authored Jan 29, 2019 and Jonas Meurer committed Apr 03, 2019
```
apache2 (2.4.10-10+deb8u13) jessie-security; urgency=medium

  * Non-maintainer upload by the LTS Team. 
  * CVE-2018-17199
    In order to not ignore expire time of cookies, always decode session
    attributes early.
```
  dc9beb21
31 Mar, 2018 7 commits
- release 2.4.10-10+deb8u12 · fd4821e2
  Stefan Fritsch authored Mar 31, 2018
  
  fd4821e2
- CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation · 3c823942
  Stefan Fritsch authored Mar 30, 2018
  
  3c823942
- CVE-2018-1303: Possible out of bound read in mod_cache_socache · f78c6a81
  Stefan Fritsch authored Mar 30, 2018
  
  f78c6a81
- CVE-2018-1301: out of bound read after failure in reading HTTP request · f6824e7a
  Stefan Fritsch authored Mar 30, 2018
  
  f6824e7a
- CVE-2018-1283: Tampering of mod_session data for CGI applications · 8590c62a
  Stefan Fritsch authored Mar 30, 2018
  
  8590c62a
- CVE-2017-15715: <FilesMatch> bypass with a trailing newline · ca202964
  Stefan Fritsch authored Mar 30, 2018
  
  ca202964
- CVE-2017-15710: mod_authnz_ldap · ea64da14
  Stefan Fritsch authored Mar 30, 2018
```
Fix out of bound write in mod_authnz_ldap when using too small
Accept-Language values.
```
  ea64da14
02 Oct, 2017 1 commit
- Import 2.4.10-10+deb8u11 security update · bcac1652
  Stefan Fritsch authored Oct 02, 2017
  
  bcac1652
18 Jul, 2017 1 commit
- CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory · 40bab0ff
  Stefan Fritsch authored Jul 18, 2017
  
  40bab0ff
20 Jun, 2017 5 commits
- release 2.4.10-10+deb8u9 · dc26744f
  Stefan Fritsch authored Jun 20, 2017
  
  dc26744f
- CVE-2017-7679: mod_mime buffer overread · 796be50f
  Stefan Fritsch authored Jun 20, 2017
  
  796be50f
- CVE-2017-7668: Buffer overrun in ap_find_token() · 197bab3a
  Stefan Fritsch authored Jun 20, 2017
  
  197bab3a
- CVE-2017-3169: mod_ssl NULL pointer dereference · 88ffa665
  Stefan Fritsch authored Jun 20, 2017
  
  88ffa665
- CVE-2017-3167: ap_get_basic_auth_pw() · b184cf15
  Stefan Fritsch authored Jun 20, 2017
  
  b184cf15
24 Feb, 2017 1 commit
- release 2.4.10-10+deb8u8 for jessie-security · d5053d65
  Stefan Fritsch authored Feb 24, 2017
  
  d5053d65
13 Feb, 2017 1 commit
- Backport strict http fix for CVE-2016-8743 · 64ecdfc3
  Stefan Fritsch authored Feb 11, 2017
  
  64ecdfc3
21 Jan, 2017 3 commits
- mod_session_crypto: prevent padding oracle attack · 5c80b90b
  Stefan Fritsch authored Jan 21, 2017
  
  5c80b90b
- CVE-2016-2161: mod_auth_digest: Fix segfaults · 66276c67
  Stefan Fritsch authored Jan 21, 2017
  
  66276c67
- Activate mod_reqtimeout · 654a605f
  Stefan Fritsch authored Dec 29, 2016
  
  654a605f
30 Dec, 2016 2 commits
- Don't run upgrade logic again after 2.4 · eba1bb52
  Stefan Fritsch authored Sep 05, 2016
  
  eba1bb52
- Import 2.4.10-10+deb8u7 NMU · fbb3fdaa
  Stefan Fritsch authored Dec 30, 2016
  
  fbb3fdaa
07 Aug, 2016 2 commits
- release 2.4.10-10+deb8u6 · 252f303f
  Stefan Fritsch authored Aug 07, 2016
  
  252f303f
- Fix error handling in is_problematic_index_html() in postinst · 4d0edf57
  Stefan Fritsch authored Aug 07, 2016
```
The 'return 1' could never trigger because cut always returns 0.
```
  4d0edf57
21 Jul, 2016 1 commit
- Merge branch 'jessie-security' into jessie · 1bad5e1b
  Stefan Fritsch authored Jul 21, 2016
  
  1bad5e1b
20 Jul, 2016 1 commit
- Add mitigation for HTTP_PROXY envvar issue · 114720a1
  Stefan Fritsch authored Jul 20, 2016
  
  114720a1
25 Jun, 2016 3 commits
- Add proxy_html.conf · 4a56dc71
  Stefan Fritsch authored Jun 25, 2016
  
  4a56dc71
- Give some hints to systemd-sysv-generator · eed7fa10
  Stefan Fritsch authored Apr 10, 2016
```
this fixes 'systemctl status'
```
  eed7fa10
- mod_proxy_fcgi: Don't send response body with a 304 · c27cbd76
  Stefan Fritsch authored Jun 25, 2016
  
  c27cbd76
29 May, 2016 1 commit
- mod_socache_memcache: Increase idle timeout to 15s · 47d9d531
  Stefan Fritsch authored May 29, 2016
  
  47d9d531
28 May, 2016 2 commits
- Remove links to manpages.debian.org in default index.html · 3a3d6d37
  Stefan Fritsch authored May 28, 2016
```
While there, add some rel="nofollow" to other links. Also update
problematic index.html files in postinst.
```
  3a3d6d37
- Fix race condition and logical error in init script · e24275cd
  Stefan Fritsch authored May 28, 2016
  
  e24275cd
28 Nov, 2015 6 commits
- Release 2.4.10-10+deb8u4 · 6fffb19b
  Stefan Fritsch authored Nov 28, 2015
  
  6fffb19b
- Don't use 'set -e' in secondary-init-script · 4e6ef34c
  Stefan Fritsch authored Oct 31, 2015
```
It sources the main init script, which is not designed to work with
'set -e'
```
  4e6ef34c
- Close another bug in changelog · c7c2a379
  Stefan Fritsch authored Nov 28, 2015
  
  c7c2a379
- Don't treat mpm_itk as MPM module in deferred actions · e9d99e20
  Stefan Fritsch authored Oct 24, 2015
  
  e9d99e20
- Don't treat mpm_itk as MPM module in a2enmod · fc41efc4
  Stefan Fritsch authored Oct 24, 2015
  
  fc41efc4
- Don't treat mpm_itk as MPM module in a2query · 8149bd44
  Stefan Fritsch authored Oct 24, 2015
  
  8149bd44