-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: apache2 Binary: apache2, apache2-data, apache2-bin, apache2-utils, apache2-suexec-pristine, apache2-suexec-custom, apache2-doc, apache2-dev, apache2-dbg Architecture: any all Version: 2.4.16-1 Maintainer: Debian Apache Maintainers <[email protected]> Uploaders: Stefan Fritsch <[email protected]>, Arno Töll <[email protected]> Homepage: http://httpd.apache.org/ Standards-Version: 3.9.6 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-apache/apache2.git/ Vcs-Git: git://anonscm.debian.org/pkg-apache/apache2.git Build-Depends: debhelper (>= 9.20131213~), lsb-release, dpkg-dev (>= 1.16.1~), libaprutil1-dev (>= 1.5.0), libapr1-dev (>= 1.5.0), libpcre3-dev, zlib1g-dev, libssl-dev (>= 0.9.8m), perl, liblua5.1-0-dev, libxml2-dev, autotools-dev, gawk | awk Build-Conflicts: autoconf2.13 Package-List: apache2 deb httpd optional arch=any apache2-bin deb httpd optional arch=any apache2-data deb httpd optional arch=all apache2-dbg deb debug extra arch=any apache2-dev deb httpd optional arch=any apache2-doc deb doc optional arch=all apache2-suexec-custom deb httpd extra arch=any apache2-suexec-pristine deb httpd optional arch=any apache2-utils deb httpd optional arch=any Checksums-Sha1: 9963e7482700dd50c53e47abfe2d1c5068875a9c 5101005 apache2_2.4.16.orig.tar.bz2 f04d64607fa67f2b90be714c0fee896f1d0bf788 437292 apache2_2.4.16-1.debian.tar.xz Checksums-Sha256: ac660b47aaa7887779a6430404dcb40c0b04f90ea69e7bd49a40552e9ff13743 5101005 apache2_2.4.16.orig.tar.bz2 0053ccf0847b26cecdc335ae1d54a03484b5388ab230783f6e4a53f7be4288fa 437292 apache2_2.4.16-1.debian.tar.xz Files: 2b19cd338fd526dd5a63c57b1e9bfee2 5101005 apache2_2.4.16.orig.tar.bz2 9b4e058d21dc72d8511141fb068b9651 437292 apache2_2.4.16-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVb1MvsaHXzVBzv3gAQgz6Q/9FM0+HV8Me1rFGHQ2+bDcaIYjEadf//Q4 Po4fao5ahr/kbKbWeuYjS6r4TcK52UFrHpW95dvr7gQrRm/+ilJYfowIAGsrUwoS y9PZf0EexKHoLtYd+CMMwYKTBlE8dANQkeuDStINSAAUH9KB+5YiziT0Nl9dfdRS FI10DgHzxupADe2zeoennjI8AWIqxg76Q+77LcSVLqHLO3+hhypxgFI3wCO3rFbv 1V2sZL/RGwstInh9rulJnNIxrufDcplwubbDHe65NiDjIBnPJ/fQuxagjJ150YRM Gx5hwSICurX0PqKcvDwN15DbfEEB5kyiJujxAxsmz32Ia9jy8r47oIPjoAMOsaD5 UWqDcaBJgGYaWeStpdeIbVELxGLRM2YDC9Zdee9sjGsZcF3hhJy6XfxyeHKPQG+S puyDyz2L9sSUx1RHBmvsecQd206J55GyQ00eLpW7BOhDqDcmRD966V1Q1yR6TRi0 GsqHW7oyLP7HRU0GCKhSGJeLDXkqGkF2QQ7ES6hiHRBhsSz1QCZyuBd+Tl2xoLNk C0Xfzl+aKfH3L6MEgMSMuhrcgaXVbU5ap+tKdSDkuYBIaAzY6h1C5P9Oog/CeVJj njKtvWNHWWbr1ED0ARwY8opvwjqn/JPjewh9mu3CgLY5onrV4SisUhlA0pkL3rOE wgoBbrAFin0= =f2/2 -----END PGP SIGNATURE----- Changes: apache2 (2.4.16-1) unstable; urgency=medium [ Stefan Fritsch ] * New upstream version, fixing the following security issues: + CVE-2015-3183: Fix chunk header parsing defect. + CVE-2015-3185: ap_some_auth_required() broken in apache 2.4 in an unfixable way. Add a new replacement API ap_some_authn_required() and ap_force_authn hook. [ Jean-Michel Vourgère ] * Allow "triggers-awaited" and "triggers-pending" states in addition to "installed" when determining whether to defer actions or process deferred actions. Thanks Colin Watson. Closes: #787103 * Allow a2dismod cgi on threaded mpms. Thanks Raul Dias. Closes: #733979 * Remove pre-Jessie transition scripts, and remaining breaks. * Made builds reproducible: d/rules set the date from the changelog in CPPFLAGS, new reproducible_builds.diff patch to use it. * Moved bash_completion from /etc to /usr/share/bash_completion. Added links there for dynamic loading. * Upgrade security.conf comments to 2.4 auth format. Thanks Werner Detter. Closes: #789788 * apache2.postinst: Fixed tests on deferred mpm switch. Closes: #789914 -- Stefan Fritsch <[email protected]> Sun, 02 Aug 2015 00:44:07 +0200
