[ubuntu/natty-security] apache2 2.2.17-1ubuntu1.4 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Nov 10 22:03:38 UTC 2011
apache2 (2.2.17-1ubuntu1.4) natty-security; urgency=low
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch courtesy of Michael Jeanson)
- debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
0.9 protocol
- CVE-2011-3368
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* SECURITY UPDATE: mpm-itk failure to drop privileges in certain
configurations
- debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
configurations correctly
- CVE-2011-1176
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option along
with a fix staged for 2.2.22.
Date: Wed, 02 Nov 2011 17:21:04 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/apache2/2.2.17-1ubuntu1.4
-------------- next part --------------
Format: 1.8
Date: Wed, 02 Nov 2011 17:21:04 -0700
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.17-1ubuntu1.4
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
apache2 - Apache HTTP Server metapackage
apache2-dbg - Apache debugging symbols
apache2-doc - Apache HTTP Server documentation
apache2-mpm-event - Apache HTTP Server - event driven model
apache2-mpm-itk - multiuser MPM for Apache 2.2
apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
apache2-mpm-worker - Apache HTTP Server - high speed threaded model
apache2-prefork-dev - Apache development headers - non-threaded MPM
apache2-suexec - Standard suexec program for Apache 2 mod_suexec
apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
apache2-threaded-dev - Apache development headers - threaded MPM
apache2-utils - utility programs for webservers
apache2.2-bin - Apache HTTP Server common binary files
apache2.2-common - Apache HTTP Server common files
Launchpad-Bugs-Fixed: 871674 877740
Changes:
apache2 (2.2.17-1ubuntu1.4) natty-security; urgency=low
.
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch courtesy of Michael Jeanson)
- debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
0.9 protocol
- CVE-2011-3368
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* SECURITY UPDATE: mpm-itk failure to drop privileges in certain
configurations
- debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
configurations correctly
- CVE-2011-1176
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option along
with a fix staged for 2.2.22.
Checksums-Sha1:
94de28c124c593810670ed704dc926dce2bbf8a8 2628 apache2_2.2.17-1ubuntu1.4.dsc
488a52a48cfd334319bd388ec64282a59aff9218 221087 apache2_2.2.17-1ubuntu1.4.diff.gz
Checksums-Sha256:
3a1d33969862cd8b913a9589aa5c6f30fc2aab3ce227cacea58630bbf077d9a6 2628 apache2_2.2.17-1ubuntu1.4.dsc
48988ab39cbf1f4c16733903405cf50fd637004c2d4b65343633d807525f57c7 221087 apache2_2.2.17-1ubuntu1.4.diff.gz
Files:
bd06bc4ce9970cf1bfb281d0b8088d77 2628 httpd optional apache2_2.2.17-1ubuntu1.4.dsc
a76cd8eb9a36cd48a9dc943ae3c7e34f 221087 httpd optional apache2_2.2.17-1ubuntu1.4.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2
More information about the Natty-changes
mailing list