enterprise-support team mailing list archive

[Bryce Harrington <1982048@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

We already did the Apache2 merge once for kinetic, as version
2.4.53-2ubuntu1.  However there is a new merge available from Debian
with a new upstream and some security fixes:

apache2 (2.4.54-2) unstable; urgency=medium

  * Move cgid socket into a writeable directory (Closes: #1014056)
  * Update lintian overrides
  * Declare compliance with policy 4.6.1
  * Install NOTICE in each package

 -- Yadd <yadd@xxxxxxxxxx>  Tue, 05 Jul 2022 15:49:58 +0200

apache2 (2.4.54-1) unstable; urgency=medium

  [ Simon Deziel ]
  * Escape literal "." for BrowserMatch directives in setenvif.conf
  * Use non-capturing regex with FilesMatch directive in default-ssl.conf

  [ Ondřej Surý ]
  * New upstream version 2.4.54 (Closes: #1012513, CVE-2022-31813,
    CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404,
    CVE-2022-30522, CVE-2022-30556, CVE-2022-28330)

  [ Yadd ]
  * Fix htcacheclean doc (Closes: #1010455)
  * New upstream version 2.4.54

 -- Yadd <yadd@xxxxxxxxxx>  Thu, 09 Jun 2022 06:33:53 +0200

No Ubuntu delta gets dropped this time; everything that remains is
ubuntu-specific.

Security wants this merge included in kinetic since it carries a number
of CVEs.  So this saves them some patching work that would otherwise be
necessary.

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1982048

Title:
  Re-merge apache2 for kinetic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1982048/+subscriptions