File _patchinfo of Package patchinfo.15845

<patchinfo incident="15845">
  <issue tracker="bnc" id="1174052">apache segfaults when configured with proxy_uwsgi</issue>
  <issue tracker="bnc" id="1175070">VUL-0: CVE-2020-11993: apache2: when trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection</issue>
  <issue tracker="bnc" id="1175071">VUL-0: CVE-2020-9490: apache2: specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash</issue>
  <issue tracker="bnc" id="1175074">VUL-0: CVE-2020-11984: apache2: mod_proxy_uwsgi info disclosure and possible RCE</issue>
  <issue tracker="cve" id="2020-9490"/>
  <issue tracker="cve" id="2020-11984"/>
  <issue tracker="cve" id="2020-11993"/>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for apache2</summary>
  <description>This update for apache2 fixes the following issues:

- CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071).
- CVE-2020-11984: Fixed an information disclosure bug in mod_proxy_uwsgi (bsc#1175074).
- CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070).

- Solve a crash in mod_proxy_uwsgi for empty values of environment variables. (bsc#1174052)
</description>
</patchinfo>