[ubuntu/hardy-security] apr, apr (delayed) 1.2.11-1ubuntu0.2 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue May 24 19:03:45 UTC 2011


apr (1.2.11-1ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/025_fnmatch_CVE-2011-0419.dpatch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/026_fnmatch_CVE-2011-1928.dpatch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

Date: Fri, 20 May 2011 23:07:29 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/apr/1.2.11-1ubuntu0.2
-------------- next part --------------
Format: 1.7
Date: Fri, 20 May 2011 23:07:29 -0700
Source: apr
Binary: libapr1 libapr1-dev libapr1-dbg
Architecture: source
Version: 1.2.11-1ubuntu0.2
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 libapr1    - The Apache Portable Runtime Library
 libapr1-dbg - The Apache Portable Runtime Library - Development Headers
 libapr1-dev - The Apache Portable Runtime Library - Development Headers
Changes: 
 apr (1.2.11-1ubuntu0.2) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
     apache's mod_index
     - debian/patches/025_fnmatch_CVE-2011-0419.dpatch: rewrite
       apr_fnmatch to have a better time bounds on execution.
     - CVE-2011-0419
     - debian/patches/026_fnmatch_CVE-2011-1928.dpatch: fix possible
       DoS introduced by patch for CVE-2011-0419.
     - CVE-2011-1928
Files: 
 4c797e5f91008e695e20272ae9d7c036 1761 libs optional apr_1.2.11-1ubuntu0.2.dsc
 d9bfb9b23f1193a111d4190a7113266a 22671 libs optional apr_1.2.11-1ubuntu0.2.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>


More information about the Hardy-changes mailing list