[ubuntu/raring-proposed] apache2 2.2.22-6ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Mar 15 14:00:20 UTC 2013 

apache2 (2.2.22-6ubuntu5) raring; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

Date: Fri, 15 Mar 2013 07:59:58 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/apache2/2.2.22-6ubuntu5
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Mar 2013 07:59:58 -0400
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source
Version: 2.2.22-6ubuntu5
Distribution: raring
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Changes: 
 apache2 (2.2.22-6ubuntu5) raring; urgency=low
 .
   * SECURITY UPDATE: multiple cross-site scripting issues
     - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
       modules/generators/{mod_info.c,mod_status.c},
       modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
       modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
     - CVE-2012-3499
     - CVE-2012-4558
   * SECURITY UPDATE: symlink attack in apache2ctl script
     - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
     - Thanks to Stefan Fritsch for the fix.
     - CVE-2013-1048
Checksums-Sha1: 
 a51f301478922424d269f9d9d0cc65e524983c94 3009 apache2_2.2.22-6ubuntu5.dsc
 2b6108759dba9c06b2f340aa8c23771f25271b75 201850 apache2_2.2.22-6ubuntu5.debian.tar.gz
Checksums-Sha256: 
 cda491bf25f4ac91be1ef01a2b6a4b4b0021217af1d9f7812bdd431687348edc 3009 apache2_2.2.22-6ubuntu5.dsc
 654cfe432437382c0dc8c03edc6c061e5d2016dbbc04eef1ed36fb595d88534e 201850 apache2_2.2.22-6ubuntu5.debian.tar.gz
Files: 
 ac6ba1b2614a6e35d92581046b5fd10c 3009 httpd optional apache2_2.2.22-6ubuntu5.dsc
 1260fcb2ec2c617af0ce0ea3ed1487b1 201850 httpd optional apache2_2.2.22-6ubuntu5.debian.tar.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRQxFdAAoJEGVp2FWnRL6TvNkP/01X7E3YjMFQ8Lo3mTlZDlax
B6zRi3OzqmPE6mmn+s9Z0MWHPM8bZtELZ8LdjFNeQQuPQ5IUyN8ZKo3sC7yE8Heq
0Wvu7bjBuBtJiO8Ga7ohfYCljH5MISW4BXDFkvlk1iez8zDDpg2OsBoWVj87PpI7
mRSLpYKwmFrTnqIcRSGd79Lg0TQhH2d4mP0ali85p3OZb8euXkBkTXaUxI6p1a+1
a3GZGVtZKTj0HyatFrsfxFxqpMC/uYYVMusy8FYR0F/tWEwnCgO8W6RLF4F8SI5h
LkIRbMPIvvUMLJZittFfwiMQseVAatWz7RttSV5+8En8qk2ZhPsreaOgh2GqBa3v
eRcrS95MZ/vW8UeA0oC9Qn+EewwkeNJH6rdniWwwWfcfVdHHiWkg53314fTg+AMm
L18fKOgeK/EqPgghxJrtgELVwYwD16JXhV3JHeZFVH2hqf5PyOPW8JnzS+6+M7eU
yTDgWpIj3Inu7cHUoEaQ9cEXyy/G/3XW/xe5LMQbicQSQGPFtGadrwh9ms58om09
vEtYIMidRJHRgEo56DQsZFXVqmTBqqYki/oqecJCakUNAcjZOT0Rr7U/Z7KefwEv
Ce1CWef2wC6Eibmwkp4eyDS7OyYSfPBqTWxY+fx7IHia74QskOOnQTURDQ2LXKxn
refRY/2Efeltf3e2eY8+
=Q8oi
-----END PGP SIGNATURE-----

More information about the Raring-changes mailing list