[ubuntu/raring-proposed] apache2 2.2.22-6ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Nov 8 23:10:15 UTC 2012 

apache2 (2.2.22-6ubuntu3) raring; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/CVE-2012-2687.patch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
      directive. Defaults to off as enabling compression enables the CRIME
      attack.
    - CVE-2012-4929

Date: Thu, 08 Nov 2012 17:56:24 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/apache2/2.2.22-6ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Nov 2012 17:56:24 -0500
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.22-6ubuntu3
Distribution: raring
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Launchpad-Bugs-Fixed: 1068854
Changes: 
 apache2 (2.2.22-6ubuntu3) raring; urgency=low
 .
   * SECURITY UPDATE: XSS vulnerability in mod_negotiation
     - debian/patches/CVE-2012-2687.patch: escape filenames in
       modules/mappers/mod_negotiation.c.
     - CVE-2012-2687
   * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
     - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
       directive. Defaults to off as enabling compression enables the CRIME
       attack.
     - CVE-2012-4929
Checksums-Sha1: 
 17e327147350d22065e84dbb4afd57691858ebd5 3009 apache2_2.2.22-6ubuntu3.dsc
 693408340252b19ed0f50c0c97df19b042b4f062 198924 apache2_2.2.22-6ubuntu3.debian.tar.gz
Checksums-Sha256: 
 c822c3512062790420e63a878efd62a1f9216b3f276594c25119f23824cc229f 3009 apache2_2.2.22-6ubuntu3.dsc
 eaa0b93d89e96051cc12734ac344683fe4ec3e61e9e9832326078d24dce54dc5 198924 apache2_2.2.22-6ubuntu3.debian.tar.gz
Files: 
 d47e6637da110cdb2d219217bbaed9ae 3009 httpd optional apache2_2.2.22-6ubuntu3.dsc
 38473feefd3c8244df75844663501db1 198924 httpd optional apache2_2.2.22-6ubuntu3.debian.tar.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJQnDr0AAoJEGVp2FWnRL6TYkwP/1Jzr7sqkoUhyzH65zoa8T2L
fbC5TTeRxazE5RnDZMu2g0aCoo6j/Q0TxPYXXG3NK+ustNw5/FlWQBqTABYw1SiH
srB4NU3yijM9dqFTD/kylm11ccQ5/9rO2F9bg2+0LuMQ2txXEbNsVVdYQ10oaoIi
Mo4PcXJa2lZfhmhzBUy6wc3mO25wNeBnkJSM6Vld9pK5yy7sb/FTneWDZ8mlqpx7
HGiUG9/KubRsFYy98bwXR3/V+HtPOFvtVvYmG7GO5DfDfgA90JhK1YlUQpcEjgfc
HF18ftHT3n3KhRdEgREmMefZkeq169qbqpkulCZZMt5k3hi6yoPZSZqx0jBaWWqz
rie0Kbhlz4lSDqZV3i2ucXQc+79IuTb2lED2vgYMY+S3HDpnnrV/6hS4aCRxNk70
u21wb9Cdrq3NErS71xv+YFV8azKpYJ7CZYYL72FHR236BTEMqyWDOqPn7NPKiUHd
bqPUtYZJQVg5/SwjdhBpwfgPWRC+slyxvma7ehIbgIodQlxUgeFFBsP8o0yqnovd
qvq4S+XtgUEBYTydQ4xay2UwL3W3h08bapfppn8INP+VotmmbHx3Gva1fJX3575Q
jcMkVW55535U3Avd1AwVrphwhV0NSC4pc9HZqjItuzCf7qAjZ4mvWQCewwf06hyZ
ZWDgy0kjnIHQNQryqB+a
=DX+D
-----END PGP SIGNATURE-----

More information about the Raring-changes mailing list