[ubuntu/oneiric-security] apache2 2.2.20-1ubuntu1.1 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Nov 10 22:03:22 UTC 2011
apache2 (2.2.20-1ubuntu1.1) oneiric-security; urgency=low
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch courtesy of Michael Jeanson)
- CVE-2011-3368
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/214_CVE-2011-3192_regression.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option, along
with a staged fix for the 2.2.22 release.
Date: Mon, 07 Nov 2011 14:01:10 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/apache2/2.2.20-1ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Nov 2011 14:01:10 -0800
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.20-1ubuntu1.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
apache2 - Apache HTTP Server metapackage
apache2-dbg - Apache debugging symbols
apache2-doc - Apache HTTP Server documentation
apache2-mpm-event - Apache HTTP Server - event driven model
apache2-mpm-itk - multiuser MPM for Apache 2.2
apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
apache2-mpm-worker - Apache HTTP Server - high speed threaded model
apache2-prefork-dev - Apache development headers - non-threaded MPM
apache2-suexec - Standard suexec program for Apache 2 mod_suexec
apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
apache2-threaded-dev - Apache development headers - threaded MPM
apache2-utils - utility programs for webservers
apache2.2-bin - Apache HTTP Server common binary files
apache2.2-common - Apache HTTP Server common files
Launchpad-Bugs-Fixed: 871674 877740
Changes:
apache2 (2.2.20-1ubuntu1.1) oneiric-security; urgency=low
.
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch courtesy of Michael Jeanson)
- CVE-2011-3368
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/214_CVE-2011-3192_regression.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option, along
with a staged fix for the 2.2.22 release.
Checksums-Sha1:
3de02ab436b00e4fffd7fbe99111319f7f4228af 2609 apache2_2.2.20-1ubuntu1.1.dsc
213e670a0381f5608204ed566c371495138683a5 215045 apache2_2.2.20-1ubuntu1.1.diff.gz
Checksums-Sha256:
812e3990fd234a9745180010a1da774395e05300365cf08d73bdd80283c03fb5 2609 apache2_2.2.20-1ubuntu1.1.dsc
29c20b5dadda9f04ae12e10ae2f1ddf268796204513fc8e3fcdf3cde660d269c 215045 apache2_2.2.20-1ubuntu1.1.diff.gz
Files:
08dcce27167ee07224e83f837e0dff6c 2609 httpd optional apache2_2.2.20-1ubuntu1.1.dsc
afc606dab8c4c1162abcaa64f8db088e 215045 httpd optional apache2_2.2.20-1ubuntu1.1.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2
More information about the Oneiric-changes
mailing list