[ubuntu/jaunty-security] apache2 (delayed), apache2 2.2.11-2ubuntu2.6 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Mar 10 19:03:43 GMT 2010


apache2 (2.2.11-2ubuntu2.6) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

Date: Mon, 08 Mar 2010 11:26:48 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/apache2/2.2.11-2ubuntu2.6
-------------- next part --------------
Format: 1.8
Date: Mon, 08 Mar 2010 11:26:48 -0500
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: source
Version: 2.2.11-2ubuntu2.6
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-src - Apache source code
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-common - Apache HTTP Server common files
Changes: 
 apache2 (2.2.11-2ubuntu2.6) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
     - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
       in modules/proxy/mod_proxy_ajp.c.
     - CVE-2010-0408
   * SECURITY UPDATE: information disclosure via improper handling of
     headers in subrequests
     - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
       in server/protocol.c.
     - CVE-2010-0434
Checksums-Sha1: 
 ae3e9ed8c80563589da9a65f5e1a8a20d86292f0 1796 apache2_2.2.11-2ubuntu2.6.dsc
 4120ffc1634cd252984fe6b8257fc92b2317c19a 142681 apache2_2.2.11-2ubuntu2.6.diff.gz
Checksums-Sha256: 
 26a4f7b79a778d0ee007e2572c0e7f887079a190738853f3e8fc320bc5ec45f9 1796 apache2_2.2.11-2ubuntu2.6.dsc
 bbed13ae9f46e53dbc5b3435ec563ded25aebdc88c3debe112bf55603f2455fe 142681 apache2_2.2.11-2ubuntu2.6.diff.gz
Files: 
 c92dc8b9df72439a68fb9acabe825d34 1796 web optional apache2_2.2.11-2ubuntu2.6.dsc
 9290c7aa5d38184a259ed1e8b31f302e 142681 web optional apache2_2.2.11-2ubuntu2.6.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>


More information about the Jaunty-changes mailing list