News for package apache2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: apache2
Binary: apache2, apache2-data, apache2-bin, apache2-utils, apache2-suexec-pristine, apache2-suexec-custom, apache2-doc, apache2-dev, apache2-ssl-dev, apache2-dbg
Architecture: any all
Version: 2.4.25-3+deb9u5
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Uploaders: Stefan Fritsch <sf@debian.org>, Arno Töll <arno@debian.org>
Homepage: http://httpd.apache.org/
Standards-Version: 3.9.8
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-apache/apache2.git/
Vcs-Git: git://anonscm.debian.org/pkg-apache/apache2.git
Testsuite: autopkgtest
Testsuite-Triggers: build-essential, curl, dpkg-dev, expect, libanyevent-perl, libcrypt-ssleay-perl, libdatetime-perl, libhttp-dav-perl, libnet-ssleay-perl, libwww-perl, ssl-cert, wget
Build-Depends: debhelper (>= 9.20131213~), lsb-release, dpkg-dev (>= 1.16.1~), libaprutil1-dev (>= 1.5.0), libapr1-dev (>= 1.5.0), libpcre3-dev, zlib1g-dev, libnghttp2-dev, libssl1.0-dev | libssl-dev (<< 1.1), perl, liblua5.2-dev, libxml2-dev, autotools-dev, gawk | awk, dh-systemd
Build-Conflicts: autoconf2.13
Package-List:
 apache2 deb httpd optional arch=any
 apache2-bin deb httpd optional arch=any
 apache2-data deb httpd optional arch=all
 apache2-dbg deb debug extra arch=any
 apache2-dev deb httpd optional arch=any
 apache2-doc deb doc optional arch=all
 apache2-ssl-dev deb httpd optional arch=any
 apache2-suexec-custom deb httpd extra arch=any
 apache2-suexec-pristine deb httpd optional arch=any
 apache2-utils deb httpd optional arch=any
Checksums-Sha1:
 bd6d138c31c109297da2346c6e7b93b9283993d2 6398218 apache2_2.4.25.orig.tar.bz2
 222669e18a9027b65e7d49c5addb58670a627449 786444 apache2_2.4.25-3+deb9u5.debian.tar.xz
Checksums-Sha256:
 f87ec2df1c9fee3e6bfde3c8b855a3ddb7ca1ab20ca877bd0e2b6bf3f05c80b2 6398218 apache2_2.4.25.orig.tar.bz2
 66d6f8381e5e913e0e20fa5d555115d55d82dbbd2110c3c44d591840bf57f143 786444 apache2_2.4.25-3+deb9u5.debian.tar.xz
Files:
 2826f49619112ad5813c0be5afcc7ddb 6398218 apache2_2.4.25.orig.tar.bz2
 d7a3d205fc0516654e904c6f844d5887 786444 apache2_2.4.25-3+deb9u5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlsSVLkACgkQxodfNUHO
/eCHnw//YIcTrlhKR0z/2zT52o3nZc4z9KdL68dYPufWjh5l7LUbzZAJ+CEBMnyS
Y+adlpeO2O3JK633lYr5kPvxC8YDL+sVWE7WWaryUMfGVYp9HWbsYkVyoVeTuGi3
BtylXq5wmkgC++sVf45y7/XG5E6BhJo8qhorF9ZtDyKghC2bB9JWaDtC1KJXi1m2
gT80dQhSJpuV4mGUrbBVnpJBj8nmeAdjjREVQww6Zyx9iQEbv08z+VBjsHu5i+hZ
4HVSnpEtYeanDznYjOuiu/+3zsCnMYNB7uLoqUFnZG7YtnODOr+0zdKES3b5wZCS
leK+x4zrovK2i7MX97xN7FKJvuMtVJs4dOb6kxFm5zzsuE6HrQmbbqaFdzmZmfZ6
rYJea2TsYO8IbRYBStsBmd9fXXakZcj/tQTAz5xg9tG7IBgoohySGYk7iMqSCROc
/816v1bSzHVSBYDCQlZMO4lzsmULkMhv/fYGopwjcq1eu3mwYpDLaQA9tOH3tCsq
nQ8UawrvWzjrtpW818D3BUMVo4bpGm3EtIWER+JloIAMPkzOI1AlEfnWYsKjLqZm
qM98ukEo6uMfRquu8HcNQ5uBWOjpSSACV0ThjdAhWlwq+K3lp0v4rd0yRS5n0hsK
8wxtKTc9mGh89ShIxYs8NH8bXuTQ+dihr/Ntr5kYmRxKkQm8aIE=
=Yd3Q
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
apache2 (2.4.25-3+deb9u5) stretch; urgency=medium

  * Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33. This
    fixes
    - CVE-2018-1302: mod_http2: Potential crash w/ mod_http2
    - Segfaults in mod_http2 (Closes: #873945)
    - mod_http2 issue with option "Indexes" and directive "HeaderName"
      (Closes: #850947)
    Unfortunately, this also removes support for http2 when running on
    mpm_prefork.
  * mod_http2: Avoid high memory usage with large files, causing crashes on
    32bit archs. Closes: #897218
  * Make the apache-htcacheclean init script actually look into
    /etc/default/apache-htcacheclean for its config. Closes: #898563

 -- Stefan Fritsch <sf@debian.org>  Sat, 02 Jun 2018 10:01:13 +0200