[ubuntu/maverick-security] apache2 2.2.16-1ubuntu3.4 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Nov 10 22:03:54 UTC 2011 

apache2 (2.2.16-1ubuntu3.4) maverick-security; urgency=low

  * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
    - debian/patches/212_CVE-2011-3368.dpatch: return 400
      on invalid requests. (patch courtesy of Michael Jeanson)
    - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
      0.9 protocol
    - CVE-2011-3368
  * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
    - debian/patches/213_CVE-2011-3348.dpatch: return
      HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
    - CVE-2011-3348
  * SECURITY UPDATE: mpm-itk failure to drop privileges in certain
    configurations
    - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
      configurations correctly
    - CVE-2011-1176
  * Include additional fixes for regressions introduced by
    CVE-2011-3192 fixes
    - debian/patches/085_CVE-2011-3192_regression_part2.dpatch:
      take upstream fixes for byterange_filter.c through the 2.2.21
      release except for the added MaxRanges configuration option along
      with a fix staged for 2.2.22.

Date: Wed, 02 Nov 2011 17:23:07 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/apache2/2.2.16-1ubuntu3.4
-------------- next part --------------
Format: 1.8
Date: Wed, 02 Nov 2011 17:23:07 -0700
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.16-1ubuntu3.4
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Launchpad-Bugs-Fixed: 871674 877740
Changes: 
 apache2 (2.2.16-1ubuntu3.4) maverick-security; urgency=low
 .
   * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
     - debian/patches/212_CVE-2011-3368.dpatch: return 400
       on invalid requests. (patch courtesy of Michael Jeanson)
     - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
       0.9 protocol
     - CVE-2011-3368
   * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
     - debian/patches/213_CVE-2011-3348.dpatch: return
       HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
     - CVE-2011-3348
   * SECURITY UPDATE: mpm-itk failure to drop privileges in certain
     configurations
     - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
       configurations correctly
     - CVE-2011-1176
   * Include additional fixes for regressions introduced by
     CVE-2011-3192 fixes
     - debian/patches/085_CVE-2011-3192_regression_part2.dpatch:
       take upstream fixes for byterange_filter.c through the 2.2.21
       release except for the added MaxRanges configuration option along
       with a fix staged for 2.2.22.
Checksums-Sha1: 
 bbe12bbf2fa656a8365f24ee5b0d1d72091025b2 2686 apache2_2.2.16-1ubuntu3.4.dsc
 79d5cf97b7bd57901ba312ab9f4266394c109f52 222629 apache2_2.2.16-1ubuntu3.4.diff.gz
Checksums-Sha256: 
 462b940fcb382c9c75b86d4140c86323718c5c68a5b16e33997c312f756341c9 2686 apache2_2.2.16-1ubuntu3.4.dsc
 6140f638debf20b00fc0d7ef65abbdbf4059efd2f736cccf659d0fe80e699e14 222629 apache2_2.2.16-1ubuntu3.4.diff.gz
Files: 
 fb07fe8147bf30fbcfa243cebfb72399 2686 httpd optional apache2_2.2.16-1ubuntu3.4.dsc
 6f8b956f238843da218f7b0c3b1446db 222629 httpd optional apache2_2.2.16-1ubuntu3.4.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2

More information about the Maverick-changes mailing list