[ubuntu/trusty-updates] apache2 2.4.7-1ubuntu4.4 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Mar 10 15:30:26 UTC 2015

apache2 (2.4.7-1ubuntu4.4) trusty-security; urgency=medium

  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.patch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
    - CVE-2013-5704
  * SECURITY UPDATE: mod_cache denial of service via empty HTTP
    Content-Type header
    - debian/patches/CVE-2014-3581.patch: check for NULL in
    - CVE-2014-3581

apache2 (2.4.7-1ubuntu4.2) trusty; urgency=medium

  * d/p/ocsp-stapling-memory-corruption.patch: fix crash on startup due
    to memory corruption while modules are reloaded (LP: #1366174).
    Thanks to Alex Bligh for reporting, debugging, fixing upstream,
    backporting and driving this fix through to Trusty.

Date: 2015-03-10 12:56:13.136582+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list