[ubuntu/precise] apache2 2.2.21-2ubuntu1 (Accepted)

Chuck Short zulcss at ubuntu.com
Mon Oct 17 14:00:20 UTC 2011 

apache2 (2.2.21-2ubuntu1) precise; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

apache2 (2.2.21-2) unstable; urgency=high

  * Fix CVE-2011-3368: Prevent unintended pattern expansion in some
    reverse proxy configurations by strictly validating the request-URI.
  * Correctly set permissions of suexec.load even if umask is 0002 during
    build. LP: #872000

apache2 (2.2.21-1) unstable; urgency=low

  * New upstream release.
    - Fixes CVE-2011-3348: Possible denial of service in mod_proxy_ajp
      if combined with mod_proxy_balancer

Date: Fri, 14 Oct 2011 16:01:29 +0000
Changed-By: Chuck Short <zulcss at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/apache2/2.2.21-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 14 Oct 2011 16:01:29 +0000
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.21-2ubuntu1
Distribution: precise
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chuck Short <zulcss at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Launchpad-Bugs-Fixed: 872000
Changes: 
 apache2 (2.2.21-2ubuntu1) precise; urgency=low
 .
   * Merge from debian unstable.  Remaining changes:
     - debian/{control, rules}: Enable PIE hardening.
     - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
     - debian/control: Add bzr tag and point it to our tree
     - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
     - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
       Plymouth aware passphrase dialog program ask-for-passphrase.
 .
 apache2 (2.2.21-2) unstable; urgency=high
 .
   * Fix CVE-2011-3368: Prevent unintended pattern expansion in some
     reverse proxy configurations by strictly validating the request-URI.
   * Correctly set permissions of suexec.load even if umask is 0002 during
     build. LP: #872000
 .
 apache2 (2.2.21-1) unstable; urgency=low
 .
   * New upstream release.
     - Fixes CVE-2011-3348: Possible denial of service in mod_proxy_ajp
       if combined with mod_proxy_balancer
Checksums-Sha1: 
 434739e9ed502db78f13288c8f031a10864bda5d 1961 apache2_2.2.21-2ubuntu1.dsc
 8fb9e6763269ae7cba85f02668c3c32041bf00ed 7095187 apache2_2.2.21.orig.tar.gz
 827ff9af9231ff2e1865479102f5a3b795c86cc7 211772 apache2_2.2.21-2ubuntu1.diff.gz
Checksums-Sha256: 
 a6c73ac595e55aafca214197f576d7ba0c1a4070b30fdeec3be07385b03da090 1961 apache2_2.2.21-2ubuntu1.dsc
 094bbc7e399441cfa8f71f35908c5052d67f6561e0c29942253e180e98fbb275 7095187 apache2_2.2.21.orig.tar.gz
 9adb0bc175da89c3abb9c39470bc8b1ff9f43e2200672970eb873b7aea340ede 211772 apache2_2.2.21-2ubuntu1.diff.gz
Files: 
 8593ca1574ad80f237c1397e0e2a3f2a 1961 httpd optional apache2_2.2.21-2ubuntu1.dsc
 b24ca6db942a4f8e57c357e5e3058d31 7095187 httpd optional apache2_2.2.21.orig.tar.gz
 25960719458a60f535047369922b4932 211772 httpd optional apache2_2.2.21-2ubuntu1.diff.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6cGfUACgkQIHZ33voUATtvbACfU7wgJ4ELzWffh6GLsKhzEBqO
rUkAn02fd6QLG/FjirANZvDpG4FApwbV
=VGy4
-----END PGP SIGNATURE-----

More information about the Precise-changes mailing list