File _patchinfo of Package patchinfo.17918

<patchinfo incident="17918">
  <issue tracker="cve" id="2021-30641"/>
  <issue tracker="cve" id="2021-26690"/>
  <issue tracker="cve" id="2021-26691"/>
  <issue tracker="cve" id="2021-31618"/>
  <issue tracker="cve" id="2019-10092"/>
  <issue tracker="cve" id="2020-35452"/>
  <issue tracker="bnc" id="1187174">VUL-0: CVE-2021-30641: apache2: MergeSlashes regression</issue>
  <issue tracker="bnc" id="1182703">VUL-1: apache2: 404 content spoofing in apache</issue>
  <issue tracker="bnc" id="1187017">VUL-0: CVE-2021-26691: apache2: Heap overflow in mod_session</issue>
  <issue tracker="bnc" id="1186923">VUL-0: CVE-2021-26690: apache2: mod_session NULL pointer dereference in parser</issue>
  <issue tracker="bnc" id="1145740">VUL-0: CVE-2019-10092: apache2: Limited cross-site scripting in mod_proxy</issue>
  <issue tracker="bnc" id="1186922">VUL-0: CVE-2020-35452: apache2: Single zero byte stack overflow in mod_auth_digest</issue>
  <issue tracker="bnc" id="1186924">VUL-0: CVE-2021-31618: apache2: NULL pointer dereference on specially crafted HTTP/2 request</issue>
  <issue tracker="bnc" id="1180530">apache2-utils: gensslcert does not set CA:true in basic constraints for the CA cert</issue>
 <packager>pgajdos</packager>
 <rating>important</rating>
 <category>security</category>
 <summary>Security update for apache2</summary>
 <description>This update for apache2 fixes the following issues:

- CVE-2021-30641: Fixed MergeSlashes regression (bsc#1187174)
- CVE-2021-31618: Fixed NULL pointer dereference on specially crafted HTTP/2 request (bsc#1186924)
- CVE-2020-35452: Fixed Single zero byte stack overflow in mod_auth_digest (bsc#1186922)
- CVE-2021-26690: Fixed mod_session NULL pointer dereference in parser (bsc#1186923)
- CVE-2021-26691: Fixed Heap overflow in mod_session (bsc#1187017)
- Fixed potential content spoofing with default error pages (bsc#1182703)
- Fixed for an issue when 'gensslcert' does not set CA:True. (bsc#1180530)
</description>
</patchinfo>