[ubuntu/lucid-security] apache2 2.2.14-5ubuntu8.6 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Sep 1 21:04:15 UTC 2011 

apache2 (2.2.14-5ubuntu8.6) lucid-security; urgency=low

  * SECURITY UPDATE: Range header DoS vulnerability
    - debian/patches/207_CVE-2011-3192.dpatch: filter out large
      byte ranges and improve memory efficiency in handling buckets.
      (thanks to Debian and upstream)
    - CVE-2011-3192
  * Include fix for regressions introduced by above patch:
    - debian/patches/208_CVE-2011-3192_regression.dpatch: return 206
      and 416 response codes where appropriate (see deban bug 639825)

Date: Thu, 01 Sep 2011 01:52:17 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/apache2/2.2.14-5ubuntu8.6
-------------- next part --------------
Format: 1.8
Date: Thu, 01 Sep 2011 01:52:17 -0700
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.14-5ubuntu8.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Changes: 
 apache2 (2.2.14-5ubuntu8.6) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Range header DoS vulnerability
     - debian/patches/207_CVE-2011-3192.dpatch: filter out large
       byte ranges and improve memory efficiency in handling buckets.
       (thanks to Debian and upstream)
     - CVE-2011-3192
   * Include fix for regressions introduced by above patch:
     - debian/patches/208_CVE-2011-3192_regression.dpatch: return 206
       and 416 response codes where appropriate (see deban bug 639825)
Checksums-Sha1: 
 f5885d1d9ffa536eb3eb484c2eeb1ba17b34dded 2697 apache2_2.2.14-5ubuntu8.6.dsc
 5a5114de188956bee62b5e250a1d98d48ca24c8d 221516 apache2_2.2.14-5ubuntu8.6.diff.gz
Checksums-Sha256: 
 8b46d689ec66eb19fce488c23ceaffc640b66b90e4f102c78dfd2898bcdd5aeb 2697 apache2_2.2.14-5ubuntu8.6.dsc
 3388d6613739c83dd017e682c844b515adca2d88bf06079b9dc3cebfbfc5b668 221516 apache2_2.2.14-5ubuntu8.6.diff.gz
Files: 
 3974d9737d281c0acb00c0f931fbb77e 2697 httpd optional apache2_2.2.14-5ubuntu8.6.dsc
 25be3320d327f8a91b874c1f0675df77 221516 httpd optional apache2_2.2.14-5ubuntu8.6.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2

More information about the Lucid-changes mailing list