[ubuntu/precise-security] apache2 2.2.22-1ubuntu1.7 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jul 23 19:58:41 UTC 2014
apache2 (2.2.22-1ubuntu1.7) precise-security; urgency=medium
* SECURITY UPDATE: resource consumption via mod_deflate body
decompression
- debian/patches/CVE-2014-0118.patch: added new configuration options
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
DeflateInflateRatioBurst in modules/filters/mod_deflate.c.
- CVE-2014-0118
* SECURITY UPDATE: denial of service via race in mod_status
- debian/patches/CVE-2014-0226.patch: fix race by adding
ap_copy_scoreboard_worker() to include/scoreboard.h,
modules/generators/mod_status.c, server/scoreboard.c.
- CVE-2014-0226
* SECURITY UPDATE: denial of service in mod_cgid
- debian/patches/CVE-2014-0231.patch: added new configuration option
CGIDScriptTimeout in modules/generators/mod_cgid.c.
- CVE-2014-0231
apache2 (2.2.22-1ubuntu1.6) precise; urgency=low
* debian/patches/sni.patch:
- apache2 doesn't compare SNI hostname against Host header
case-insensitively (lp: #1298273)
Date: 2014-07-22 14:27:37.921850+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/precise/+source/apache2/2.2.22-1ubuntu1.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list