[ubuntu/hardy-security] apache2 2.2.8-1ubuntu0.22 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Nov 10 22:04:38 UTC 2011
apache2 (2.2.8-1ubuntu0.22) hardy-security; urgency=low
[ Michael Jeanson ]
* SECURITY UPDATE: mod_proxy reverse proxy exposure
* debian/patches/216_CVE-2011-3368.dpatch: return 400
on invalid requests.
- debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
0.9 protocol
[ Steve Beattie ]
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option.
Date: Wed, 02 Nov 2011 19:43:46 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/apache2/2.2.8-1ubuntu0.22
-------------- next part --------------
Format: 1.7
Date: Wed, 02 Nov 2011 19:43:46 -0700
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-perchild apache2-utils apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: source
Version: 2.2.8-1ubuntu0.22
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
apache2 - Next generation, scalable, extendable web server
apache2-dbg - Apache debugging symbols
apache2-doc - documentation for apache2
apache2-mpm-event - Event driven model for Apache HTTPD
apache2-mpm-perchild - Transitional package - please remove
apache2-mpm-prefork - Traditional model for Apache HTTPD
apache2-mpm-worker - High speed threaded model for Apache HTTPD
apache2-prefork-dev - development headers for apache2
apache2-src - Apache source code
apache2-threaded-dev - development headers for apache2
apache2-utils - utility programs for webservers
apache2.2-common - Next generation, scalable, extendable web server
Launchpad-Bugs-Fixed: 871674
Changes:
apache2 (2.2.8-1ubuntu0.22) hardy-security; urgency=low
.
[ Michael Jeanson ]
* SECURITY UPDATE: mod_proxy reverse proxy exposure
* debian/patches/216_CVE-2011-3368.dpatch: return 400
on invalid requests.
- debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
0.9 protocol
.
[ Steve Beattie ]
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option.
Files:
ff44e90061cdcb7d037ef7aa119eefd9 2041 web optional apache2_2.2.8-1ubuntu0.22.dsc
69a153f3d5ad6728f17ce3e189cb046c 157420 web optional apache2_2.2.8-1ubuntu0.22.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
More information about the Hardy-changes
mailing list