[ubuntu/hardy-security] apache2 2.2.8-1ubuntu0.21 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Sep 1 21:04:38 UTC 2011 

apache2 (2.2.8-1ubuntu0.21) hardy-security; urgency=low

  * SECURITY UPDATE: Range header DoS vulnerability
    * debian/patches/214_CVE-2011-3192.dpatch: filter out large
      byte ranges and improve memory efficiency in handling buckets.
      (thanks to Debian and upstream)
    * CVE-2011-3192
  * Include fix for regressions introduced by above patch:
    - debian/patches/084_CVE-2011-3192_regression.dpatch: return 206
      and 416 response codes where appropriate (see deban bug 639825)

Date: Thu, 01 Sep 2011 01:53:46 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/apache2/2.2.8-1ubuntu0.21
-------------- next part --------------
Format: 1.7
Date: Thu, 01 Sep 2011 01:53:46 -0700
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-perchild apache2-utils apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: source
Version: 2.2.8-1ubuntu0.21
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 apache2    - Next generation, scalable, extendable web server
 apache2-dbg - Apache debugging symbols
 apache2-doc - documentation for apache2
 apache2-mpm-event - Event driven model for Apache HTTPD
 apache2-mpm-perchild - Transitional package - please remove
 apache2-mpm-prefork - Traditional model for Apache HTTPD
 apache2-mpm-worker - High speed threaded model for Apache HTTPD
 apache2-prefork-dev - development headers for apache2
 apache2-src - Apache source code
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 apache2.2-common - Next generation, scalable, extendable web server
Changes: 
 apache2 (2.2.8-1ubuntu0.21) hardy-security; urgency=low
 .
   * SECURITY UPDATE: Range header DoS vulnerability
     * debian/patches/214_CVE-2011-3192.dpatch: filter out large
       byte ranges and improve memory efficiency in handling buckets.
       (thanks to Debian and upstream)
     * CVE-2011-3192
   * Include fix for regressions introduced by above patch:
     - debian/patches/084_CVE-2011-3192_regression.dpatch: return 206
       and 416 response codes where appropriate (see deban bug 639825)
Files: 
 cb18e562c26dfaec33ef86b8064ed793 2041 web optional apache2_2.2.8-1ubuntu0.21.dsc
 126548bde93f428d79ba75d49b157e0c 153310 web optional apache2_2.2.8-1ubuntu0.21.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

More information about the Hardy-changes mailing list