[ubuntu/lucid] apache2 2.2.14-1ubuntu1 (Accepted)

Chuck Short zulcss at ubuntu.com
Fri Nov 6 19:45:19 GMT 2009 

apache2 (2.2.14-1ubuntu1) lucid; urgency=low

  * Merge from debian testing, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/conrol: Add bzr tag and point it to our tree.
    - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
      Already applied upstream.

apache2 (2.2.14-1) unstable; urgency=low

  * New upstream version:
    - new module mod_proxy_scgi
  * Disable hardening option -pie again, as gdb in Debian does not support
    it properly and it is broken on mips*.

apache2 (2.2.13-2) unstable; urgency=high

  * mod_proxy_ftp security fixes (closes: #545951):
    - DoS by malicious ftp server (CVE-2009-3094)
    - missing input sanitization: a user could execute arbitrary ftp commands
      on the backend ftp server (CVE-2009-3095)
  * Add entries to NEWS.Debian and README.Debian about Apache being stricter
    about certain misconfigurations involving name based SSL virtual hosts.
    Also make Apache print the location of the misconfigured VirtualHost when
    it complains about a missing SSLCertificateFile statement. Closes: #541607
  * Add Build-Conflicts: autoconf2.13 (closes: #541536).
  * Adjust priority of apache2-mpm-itk to extra.
  * Switch apache2.2-common and the four mpm packages from architecture all to
    any. This is stupid but makes apache2 binNMUable again (closes: #544509).
  * Bump Standards-Version (no changes).

apache2 (2.2.13-1) unstable; urgency=low

  * New upstream release:
    - Fixes segfault with mod_deflate and mod_php (closes: #542623).

Date: Fri, 06 Nov 2009 00:29:03 +0000
Changed-By: Chuck Short <zulcss at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chuck Short <chuck.short at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/apache2/2.2.14-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 06 Nov 2009 00:29:03 +0000
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.14-1ubuntu1
Distribution: lucid
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chuck Short <zulcss at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 541536 541607 542623 544509 545951
Changes: 
 apache2 (2.2.14-1ubuntu1) lucid; urgency=low
 .
   * Merge from debian testing, remaining changes:
     - debian/{control, rules}: Enable PIE hardening.
     - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
     - debian/conrol: Add bzr tag and point it to our tree.
     - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
       Already applied upstream.
 .
 apache2 (2.2.14-1) unstable; urgency=low
 .
   * New upstream version:
     - new module mod_proxy_scgi
   * Disable hardening option -pie again, as gdb in Debian does not support
     it properly and it is broken on mips*.
 .
 apache2 (2.2.13-2) unstable; urgency=high
 .
   * mod_proxy_ftp security fixes (closes: #545951):
     - DoS by malicious ftp server (CVE-2009-3094)
     - missing input sanitization: a user could execute arbitrary ftp commands
       on the backend ftp server (CVE-2009-3095)
   * Add entries to NEWS.Debian and README.Debian about Apache being stricter
     about certain misconfigurations involving name based SSL virtual hosts.
     Also make Apache print the location of the misconfigured VirtualHost when
     it complains about a missing SSLCertificateFile statement. Closes: #541607
   * Add Build-Conflicts: autoconf2.13 (closes: #541536).
   * Adjust priority of apache2-mpm-itk to extra.
   * Switch apache2.2-common and the four mpm packages from architecture all to
     any. This is stupid but makes apache2 binNMUable again (closes: #544509).
   * Bump Standards-Version (no changes).
 .
 apache2 (2.2.13-1) unstable; urgency=low
 .
   * New upstream release:
     - Fixes segfault with mod_deflate and mod_php (closes: #542623).
Checksums-Sha1: 
 a0d0e94b8e8282cde83fd6c2c1d00e0769e4e5be 2008 apache2_2.2.14-1ubuntu1.dsc
 e6e20b3fc58a57a5116e036e31bf97d409db7cfa 6684081 apache2_2.2.14.orig.tar.gz
 bb78a9a836418d2ab15f2ed91a18c7df23f12b75 180669 apache2_2.2.14-1ubuntu1.diff.gz
Checksums-Sha256: 
 2f910a1291085a94b37b232e912d44cf335876c4d4b135ff931b61719a181baa 2008 apache2_2.2.14-1ubuntu1.dsc
 d5792809e7667c784005284fafe28a55cb89bd4cfbea4a34f3b8e56c10d673c8 6684081 apache2_2.2.14.orig.tar.gz
 dafe59f0480f69c7726ec3439f1cc2f9ba9e20bb81fda1d760c5ee6fac646af6 180669 apache2_2.2.14-1ubuntu1.diff.gz
Files: 
 8ad68f5fe287aa914e431f9fb0356f5a 2008 httpd optional apache2_2.2.14-1ubuntu1.dsc
 2c1e3c7ba00bcaa0163da7b3e66aaa1e 6684081 httpd optional apache2_2.2.14.orig.tar.gz
 9a67a2d397f13a3f28738a562d76084d 180669 httpd optional apache2_2.2.14-1ubuntu1.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkr0eYYACgkQIHZ33voUATuj/ACfWCkeKIEe2Y/IH/G/Q+i65bhz
WMsAn3P0GFtN9h0ASLEmXeKOCZVc1r4X
=wjXx
-----END PGP SIGNATURE-----

More information about the Lucid-changes mailing list