[ubuntu/trusty-security] apache2 2.4.7-1ubuntu4.13 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jul 18 17:55:09 UTC 2016
apache2 (2.4.7-1ubuntu4.13) trusty-security; urgency=medium
* SECURITY UPDATE: proxy request header vulnerability (httpoxy)
- debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
server/util_script.c.
- CVE-2016-5387
* This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in
trusty-proposed.
apache2 (2.4.7-1ubuntu4.11) trusty; urgency=medium
* Fix hang until proxy timeout for Proxy responses with error status and
"ProxyErrorOverride On" being set (LP: #1495988).
apache2 (2.4.7-1ubuntu4.10) trusty; urgency=medium
* Add apache2 specific modification needed along with fix to
libapache2-mpm-itk so it becomes installable again (LP: #1286882):
- Removes warning on mpm_itk use
- Removes conflicts on mpm_itk
apache2 (2.4.7-1ubuntu4.9) trusty; urgency=medium
* Force disablereuse on for mod_proxy_wstunnel. Fixes "Unable to connect to:
ws://<maas IP>:/MAAS/ws" errors with maas, and other proxy applications.
https://bz.apache.org/bugzilla/show_bug.cgi?id=55890
(LP: #1484696).
apache2 (2.4.7-1ubuntu4.8) trusty; urgency=medium
* Fix -D[efined] or <Define>[d] variables lifetime across restarts.
This fixes incorrect processing of configuration files on reload
(LP: #1504354).
apache2 (2.4.7-1ubuntu4.7) trusty; urgency=medium
* d/p/wstunnel-ssl.patch: mod_proxy_wstunnel: Fix the use of SSL
connections with the "wss:" scheme. PR55320. LP: #1445914
Submitted by: Alex Liu <alex.leo.ca gmail.com>
apache2 (2.4.7-1ubuntu4.6) trusty; urgency=medium
* d/p/fix_rewrite_rule.patch: Add a configurable option to keep mod_dir from
running when another handler is set. This makes default behavior
consistant with 2.2, and fixes (LP: #1394403)
- This adds the configuration option "DirectoryCheckHandler" which is
present in apache 2.4.8 and later versions. The default value is
"DirectoryCheckHandler Off".
- This will change default behavior. Instead of mod_dir running even if
other rules are being run, mod_dir will only run when no other rules
have been processed by default. This is the expected behavior of
mod_dir, and is consistant with the behavior of mod_dir in apache
versions < 2.4 and > 2.4.8, and so the default value of this
configuration option will correct the bug.
- The current default behavior, which is considered to be a bug, can be
kept by setting "DirectoryCheckHandler On".
Date: 2016-07-15 15:18:12.292821+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.13
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list