-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: apache2 Binary: apache2, apache2-data, apache2-bin, apache2-mpm-worker, apache2-mpm-prefork, apache2-mpm-event, apache2-mpm-itk, apache2.2-bin, apache2.2-common, libapache2-mod-proxy-html, libapache2-mod-macro, apache2-utils, apache2-suexec, apache2-suexec-pristine, apache2-suexec-custom, apache2-doc, apache2-dev, apache2-dbg Architecture: any all Version: 2.4.10-10+deb8u1 Maintainer: Debian Apache Maintainers <[email protected]> Uploaders: Stefan Fritsch <[email protected]>, Arno Töll <[email protected]> Homepage: http://httpd.apache.org/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-apache/apache2.git Vcs-Git: git://anonscm.debian.org/pkg-apache/apache2.git Build-Depends: debhelper (>= 9.20131213~), lsb-release, dpkg-dev (>= 1.16.1~), libaprutil1-dev (>= 1.5.0), libapr1-dev (>= 1.5.0), libpcre3-dev, zlib1g-dev, libssl-dev (>= 0.9.8m), perl, liblua5.1-0-dev, libxml2-dev, autotools-dev, gawk | awk Build-Conflicts: autoconf2.13 Package-List: apache2 deb httpd optional arch=any apache2-bin deb httpd optional arch=any apache2-data deb httpd optional arch=all apache2-dbg deb debug extra arch=any apache2-dev deb httpd optional arch=any apache2-doc deb doc optional arch=all apache2-mpm-event deb oldlibs extra arch=any apache2-mpm-itk deb oldlibs extra arch=any apache2-mpm-prefork deb oldlibs extra arch=any apache2-mpm-worker deb oldlibs extra arch=any apache2-suexec deb oldlibs extra arch=any apache2-suexec-custom deb httpd extra arch=any apache2-suexec-pristine deb httpd optional arch=any apache2-utils deb httpd optional arch=any apache2.2-bin deb oldlibs extra arch=any apache2.2-common deb oldlibs extra arch=any libapache2-mod-macro deb oldlibs extra arch=any libapache2-mod-proxy-html deb oldlibs extra arch=any Checksums-Sha1: 00f5c3f8274139bd6160eda2cf514fa9b74549e5 5031834 apache2_2.4.10.orig.tar.bz2 ec24b18b903c1af6e834482ef97a913495f39203 533628 apache2_2.4.10-10+deb8u1.debian.tar.xz Checksums-Sha256: 176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a 5031834 apache2_2.4.10.orig.tar.bz2 2902a56b88ab736dd2f523a6d7a454304a547e631619a142e3549887c20a1b46 533628 apache2_2.4.10-10+deb8u1.debian.tar.xz Files: 44543dff14a4ebc1e9e2d86780507156 5031834 apache2_2.4.10.orig.tar.bz2 920d4aebf6c4a7a41cc842d794e7e8cf 533628 apache2_2.4.10-10+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVb01PMaHXzVBzv3gAQhcthAApBorxoebpolgxIXjlFd8BitaxcNg720l OCQQd9B2mWyf/i5jMSlNjh6t643OWqpmjTlZuapnIdwi4ehAm/RSxdtzmKM8bgpJ G3PsczbYN3lRSATQ6OrMa71dD5a8x/GvrSuaEu0mI8Tcu66IjSDk3/5q4VnPgYvw PZXVlAIxJ18ija9isE6CoSzRJoFV/oPnJkFFkL2DHkc0y20dOUMgpUS0n2AC0r2L Lbvc1nyPFpoe+h7AZihiuBEDmjFVww9P4/Sgp9JujiI+pL8ixFLVk0YVjkw8LYkG f+8IYO0K9d2YOyYUpfY+F4BkjGz5hdDKw2auAHA/Qz8poO1SH78VjgeVhbuRq6kr Hhup7f1ZnejxA3DesUdbPIsyNBQ1Ksb5SeWtKgfFx8d8otQEZSBxaww1iANlN9/W ZKZjaXLpxDbyuvjJxm8XfZm2fVGdn5cNi3PGAlDYbLXgh4YFdHkGpOxPYkfmaF6D zXaU+XxBpRmbC20KctHlad17VqMcmrAVDcYn4pddnbR0ddJ3v0twd3mdPVcbjc20 kuJaiIq1vXRB+ZNYdkURK2kotFUeM42g8dGnJhl4cXyrlRwQxK/GdOxmUZjbEh1l brZyxIXoZ02zYvAueFJIkQWUnItesNcEBhZ8e79TfK7og9SloP5g77EnFh62g0BW 5bRV8LDoQJE= =DikV -----END PGP SIGNATURE----- Changes: apache2 (2.4.10-10+deb8u1) jessie-security; urgency=medium * CVE-2015-3183: Fix chunk header parsing defect. * CVE-2015-3185: ap_some_auth_required() broken in apache 2.4 in an unfixable way. Add a new replacement API ap_some_authn_required() and ap_force_authn hook. -- Stefan Fritsch <[email protected]> Sat, 01 Aug 2015 22:42:35 +0200
