News for package apache2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: apache2
Binary: apache2, apache2-data, apache2-bin, apache2-utils, apache2-suexec-pristine, apache2-suexec-custom, apache2-doc, apache2-dev, apache2-ssl-dev, apache2-dbg
Architecture: any all
Version: 2.4.25-3+deb9u6
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Uploaders: Stefan Fritsch <sf@debian.org>, Arno Töll <arno@debian.org>
Homepage: http://httpd.apache.org/
Standards-Version: 3.9.8
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-apache/apache2.git/
Vcs-Git: git://anonscm.debian.org/pkg-apache/apache2.git
Testsuite: autopkgtest
Testsuite-Triggers: build-essential, curl, dpkg-dev, expect, libanyevent-perl, libcrypt-ssleay-perl, libdatetime-perl, libhttp-dav-perl, libnet-ssleay-perl, libwww-perl, ssl-cert, wget
Build-Depends: debhelper (>= 9.20131213~), lsb-release, dpkg-dev (>= 1.16.1~), libaprutil1-dev (>= 1.5.0), libapr1-dev (>= 1.5.0), libpcre3-dev, zlib1g-dev, libnghttp2-dev, libssl1.0-dev | libssl-dev (<< 1.1), perl, liblua5.2-dev, libxml2-dev, autotools-dev, gawk | awk, dh-systemd
Build-Conflicts: autoconf2.13
Package-List:
 apache2 deb httpd optional arch=any
 apache2-bin deb httpd optional arch=any
 apache2-data deb httpd optional arch=all
 apache2-dbg deb debug extra arch=any
 apache2-dev deb httpd optional arch=any
 apache2-doc deb doc optional arch=all
 apache2-ssl-dev deb httpd optional arch=any
 apache2-suexec-custom deb httpd extra arch=any
 apache2-suexec-pristine deb httpd optional arch=any
 apache2-utils deb httpd optional arch=any
Checksums-Sha1:
 bd6d138c31c109297da2346c6e7b93b9283993d2 6398218 apache2_2.4.25.orig.tar.bz2
 ed7c894bcf537c64e69ae288a02977b7d6f6352a 790172 apache2_2.4.25-3+deb9u6.debian.tar.xz
Checksums-Sha256:
 f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2 6398218 apache2_2.4.25.orig.tar.bz2
 5fd9d307b0550e919ef03516e8fd0ce4366f20d2ffb349e6a0fd957dce853f3f 790172 apache2_2.4.25-3+deb9u6.debian.tar.xz
Files:
 2826f49619112ad5813c0be5afcc7ddb 6398218 apache2_2.4.25.orig.tar.bz2
 96fe0be15c776db7710d473acb7872b2 790172 apache2_2.4.25-3+deb9u6.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlvd78wACgkQxodfNUHO
/eBteA//V0E5ox2ULzK/vKujPBIsqj02dMjNRHXB/88YOL40r5mu/Ef9PDVlvziK
jH1Y7puAaar/t0YXCVs1dyT8G10fL0T90gd+xh37kR9q1l+JGGN8PSjO277LuOvH
B9IDzq/MqXsFTOJxG16X2FoOCtqo0sluFJWXRTOX4d65qU/MH0SJeGO6Gu3ZYCUd
T+610qIFoBavGAaBF7Rv6t97LAWPoegK8BN8c9go/xYdLi1HaNjfvVkPL4yCF5xg
V7S2jzhvqHPaZL0MtPVKtwrNY3m0oMI95YG2VXp885QKRyXIUzpvrSHS5jdJF5tQ
L6GrgvYpRw+G3NDmGm8no5VYVIXTsgdjWCgFQBTc9Z1abgAz9PyKJNCN3W+PMV2l
fZWtklkzf4gAHlP7jY4tMuEz2emJzHyio8td1LUp4ywthlzA3wegtZy2E6nWeHGc
o2UGCsj1iYVq+hxpq2E9S34fZasHqn/3voTNbrfqhB/yeRahwoiZIyRqWBpbFmt6
hX5L1IovcYSLoTfX0KoocEMHNO0wNwTx2GwxHYqkANf5gIrF5DzZKzbOAkHEJUbp
ibyuylDXEcQy6wJIna26l76FoaDgtpxjI/CRK3dlv5Q0p+vF80QMPEcCpUPxk4Bx
EMLMx/e+0EmyUAQRR1g3udHLdYc+e1khiqlBHf1Ci5kxOT51NvU=
=J/7H
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
apache2 (2.4.25-3+deb9u6) stretch; urgency=medium

  * CVE-2018-1333: mod_http2: Fix DoS by worker exhaustion. Closes: #904106
  * CVE-2018-11763: mod_http2: Fix DoS by continuous SETTINGS.
    Closes: #909591
  * mod_proxy_fcgi: Fix segfault. Closes: #902906

 -- Stefan Fritsch <sf@debian.org>  Sat, 03 Nov 2018 19:46:19 +0100