[ubuntu/lucid] apache2 2.2.14-2ubuntu1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu Nov 12 22:50:16 GMT 2009 

apache2 (2.2.14-2ubuntu1) lucid; urgency=low

  * Merge from debian testing, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/conrol: Add bzr tag and point it to our tree.
    - removed debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: it was
      already dropped from 00list, so just remove the patch entirely

apache2 (2.2.14-2) unstable; urgency=medium

  * Security:
    Reject any client-initiated SSL/TLS renegotiations. This is a partial fix
    for the TLS renegotiation prefix injection attack (CVE-2009-3555).
    Any configuration which requires renegotiation for per-directory/location
    access control is still vulnerable.
  * Allow RemoveType to override the types from /etc/mime.types. This allows
    to use .es and .tr for Spanish and Turkish files in mod_negotiation.
    Closes: #496080
  * Fix 'CacheEnable disk http://'. Closes: #442266
  * Fix missing dependency by changing killall to pkill in the init script.
    LP: #460692
  * Add X-Interactive header to init script as it may ask for the ssl key
    passphrase. Closes: #554824
  * Move httxt2dbm man page into apache2.2-bin, which includes httxt2dbm, too.
  * Enable keepalive for MSIE 7 and newer in default-ssl site and README.Debian

Date: Thu, 12 Nov 2009 16:09:30 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/apache2/2.2.14-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 12 Nov 2009 16:09:30 -0600
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.14-2ubuntu1
Distribution: lucid
Urgency: medium
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 442266 496080 554824
Changes: 
 apache2 (2.2.14-2ubuntu1) lucid; urgency=low
 .
   * Merge from debian testing, remaining changes:
     - debian/{control, rules}: Enable PIE hardening.
     - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
     - debian/conrol: Add bzr tag and point it to our tree.
     - removed debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: it was
       already dropped from 00list, so just remove the patch entirely
 .
 apache2 (2.2.14-2) unstable; urgency=medium
 .
   * Security:
     Reject any client-initiated SSL/TLS renegotiations. This is a partial fix
     for the TLS renegotiation prefix injection attack (CVE-2009-3555).
     Any configuration which requires renegotiation for per-directory/location
     access control is still vulnerable.
   * Allow RemoveType to override the types from /etc/mime.types. This allows
     to use .es and .tr for Spanish and Turkish files in mod_negotiation.
     Closes: #496080
   * Fix 'CacheEnable disk http://'. Closes: #442266
   * Fix missing dependency by changing killall to pkill in the init script.
     LP: #460692
   * Add X-Interactive header to init script as it may ask for the ssl key
     passphrase. Closes: #554824
   * Move httxt2dbm man page into apache2.2-bin, which includes httxt2dbm, too.
   * Enable keepalive for MSIE 7 and newer in default-ssl site and README.Debian
Checksums-Sha1: 
 4b685caf660cc04ba323d9ebb8c812cf9f7fa19f 2008 apache2_2.2.14-2ubuntu1.dsc
 529b4c4e0737c679430ab0d1b8d04711bc2bf8a4 185939 apache2_2.2.14-2ubuntu1.diff.gz
Checksums-Sha256: 
 cc366ed1069603e6687af9eacffc218f305a427c6caf09d53ceea1ed5b2765c4 2008 apache2_2.2.14-2ubuntu1.dsc
 7dc16d701a7bd3cfc5a2433250d0e6ba50c1c1e9d8f808b234f0582b9027077d 185939 apache2_2.2.14-2ubuntu1.diff.gz
Files: 
 336777c2e677c623384e8a8c09073163 2008 httpd optional apache2_2.2.14-2ubuntu1.dsc
 e1ec0d0d87ad160f4018f3b25133971f 185939 httpd optional apache2_2.2.14-2ubuntu1.diff.gz
Launchpad-Bugs-Fixed: 460692
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkr8kAEACgkQW0JvuRdL8BpYFwCgkH9NNL+1UqMxzGqfHXBcg1rP
ObMAoJt2BaaQREaAvlqj65RYpXVsxTR1
=yNsl
-----END PGP SIGNATURE-----

More information about the Lucid-changes mailing list