[ubuntu/lucid] apache2 2.2.14-5ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Mar 10 20:05:15 GMT 2010 

apache2 (2.2.14-5ubuntu3) lucid; urgency=low

  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/204_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

Date: Wed, 10 Mar 2010 14:48:48 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/apache2/2.2.14-5ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 10 Mar 2010 14:48:48 -0500
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.14-5ubuntu3
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Changes: 
 apache2 (2.2.14-5ubuntu3) lucid; urgency=low
 .
   * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
     - debian/patches/204_CVE-2010-0408.dpatch: return the right error code
       in modules/proxy/mod_proxy_ajp.c.
     - CVE-2010-0408
   * SECURITY UPDATE: information disclosure via improper handling of
     headers in subrequests
     - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in
       in server/protocol.c.
     - CVE-2010-0434
Checksums-Sha1: 
 c1a798b4a14f9b6bf8d5e70fb0fcc5082bd33c67 2026 apache2_2.2.14-5ubuntu3.dsc
 4da902e02ff4dce4e373ddc10d508e3487f22c92 197705 apache2_2.2.14-5ubuntu3.diff.gz
Checksums-Sha256: 
 c9ab73548779d171871947f8cfbe902b759da47d4cfefb2de348bedf9ab0ad44 2026 apache2_2.2.14-5ubuntu3.dsc
 bf1e338deaf14c344dad65c3f55c0cef7668e6c78601ba49a89f1f1e2c184721 197705 apache2_2.2.14-5ubuntu3.diff.gz
Files: 
 cd82dacb9402f50c774c81e19b43f0fd 2026 httpd optional apache2_2.2.14-5ubuntu3.dsc
 3895c51adfd511f49da8067beb2190dc 197705 httpd optional apache2_2.2.14-5ubuntu3.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuX+fkACgkQLMAs/0C4zNqMRgCdHX69vefCG5KrVD2l95faGM5O
Z+wAoKp4EByJ+vNepDtjdXlvtspIIkh/
=NtnF
-----END PGP SIGNATURE-----

More information about the Lucid-changes mailing list