[ubuntu/dapper-security] apache2 (delayed), apache2 2.0.55-4ubuntu2.13 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue May 24 19:04:01 UTC 2011 

apache2 (2.0.55-4ubuntu2.13) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

Date: Sun, 22 May 2011 21:17:32 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
https://launchpad.net/ubuntu/dapper/+source/apache2/2.0.55-4ubuntu2.13
-------------- next part --------------
Format: 1.7
Date: Sun, 22 May 2011 21:17:32 -0700
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source
Version: 2.0.55-4ubuntu2.13
Distribution: dapper-security
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 apache2    - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0    - the Apache Portable Runtime
 libapr0-dev - development headers for libapr
Changes: 
 apache2 (2.0.55-4ubuntu2.13) dapper-security; urgency=low
 .
   * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
     apache's mod_index
     - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
       apr_fnmatch to have a better time bounds on execution.
     - CVE-2011-0419
     - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
       DoS introduced by patch for CVE-2011-0419.
     - CVE-2011-1928
Files: 
 c83b6a6795065c007da7a1764347bf3d 1823 net optional apache2_2.0.55-4ubuntu2.13.dsc
 e1bed19dc3827f4e375d1fbb87693cbf 141485 net optional apache2_2.0.55-4ubuntu2.13.diff.gz

More information about the dapper-changes mailing list