[ubuntu/trusty-proposed] apache2 2.4.7-1ubuntu3 (Accepted)

[Marc Deslauriers]

apache2 (2.4.7-1ubuntu3) trusty; urgency=medium

  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

Date: Thu, 20 Mar 2014 08:34:10 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/apache2/2.4.7-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Mar 2014 08:34:10 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source
Version: 2.4.7-1ubuntu3
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (binary files and modules)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-mpm-event - transitional event MPM package for apache2
 apache2-mpm-itk - transitional itk MPM package for apache2
 apache2-mpm-prefork - transitional prefork MPM package for apache2
 apache2-mpm-worker - transitional worker MPM package for apache2
 apache2-suexec - transitional package for apache2-suexec-pristine
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 apache2.2-bin - Transitional package for apache2-bin
 libapache2-mod-macro - Transitional package for apache2-bin
 libapache2-mod-proxy-html - Transitional package for apache2-bin
Changes: 
 apache2 (2.4.7-1ubuntu3) trusty; urgency=medium
 .
   * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
     calculation
     - debian/patches/CVE-2013-6438.patch: properly calculate correct length
       in modules/dav/main/util.c.
     - CVE-2013-6438
   * SECURITY UPDATE: denial of service via truncated cookie and
     mod_log_config
     - debian/patches/CVE-2014-0098.patch: properly parse tokens in
       modules/loggers/mod_log_config.c.
     - CVE-2014-0098
Checksums-Sha1: 
 f579923ec5192f3edd37fab2e2203f3d89c02634 3159 apache2_2.4.7-1ubuntu3.dsc
 75aab604d28df0c9d92708bc6dacf31833f657d6 498297 apache2_2.4.7-1ubuntu3.debian.tar.gz
Checksums-Sha256: 
 17758cc4075d4140a57b48153f35b4daad4b5e211f1c1ba3e94086285f195d9d 3159 apache2_2.4.7-1ubuntu3.dsc
 4cba6d05eb0910e943f97b54490dacec404c9ea45991235c5235cde57e5fdb43 498297 apache2_2.4.7-1ubuntu3.debian.tar.gz
Files: 
 58c9ce681eab660e066b80c209884e82 3159 httpd optional apache2_2.4.7-1ubuntu3.dsc
 30cb7bb94ff3ca2752be4bfda3bf539f 498297 httpd optional apache2_2.4.7-1ubuntu3.debian.tar.gz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTKxe2AAoJEGVp2FWnRL6TzdsP+gNOPkvI53yW8kSGzHrps1Eg
/LCRKHYVS+atuuFxoBBRY95w14EpCvnmQo20sSntvEEIViPk7tSbQKc4Ls6sxnBq
W7Wuphn43wvXoeTBpkLegqqw+p3T1zuPudMKKNKxhycYS0ieOnA8APT59vTCqfpD
i0j8RAdMTvdt0fvHKhiBCqo7JmHx6dXicG2xdqqWY2ynTFYaALRbxfuCBHfg08vh
FlKsvsuuTYgfSc0c1+GfYKnUFYQPDpqcrTroHWcgmDo3/rdV9dLz4yV204eslFUv
OLQpztF58dRqG1z1iG5jTeIlzoXJhexqh3sXpv2oB/9jmVlaRAHcn5eQwWGo3aY1
ZULDY7o8qqqYR3BlKTPYd0bCxsVbfkYyY4QmhL/Hkda5/IRE6uIOtyrx35GZTT1X
bRIkRZrCkOW94YHCC9SXSjclRrQ8iOzDRrvL9zX1HiVlfn2Mk3wFqXqlWyV0ld6l
mZcjMAaVOvSJqM0ggG3Oct2qGltJ0LP0pjAzEz2Dt16rkx19FyIoA2y63J+3/5QY
BGdhuBn4noy55WDE1ks7UepPNwzp6WlfteR7okSrkgjK8KxyHWAEtNKHyrj9az/s
DBzN21KV4xgQ1+gfH9fn1KVOBnGRbdStgXJXbPT2S/XfEkRkpFpcQBMBKFhhTxjl
j3eCjbhjFWxs3b1c/wPk
=+V+k
-----END PGP SIGNATURE-----