[Bug 124161] Please sync apache2 (main) from Debian unstable (main)

Kees Cook kees at ubuntu.com
Thu Jul 5 10:08:28 BST 2007


Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/apache2
 status confirmed
 subscribe ubuntu-archive

Please sync apache2 (main) from Debian unstable (main).
Changelog since current gutsy version 2.2.3-5:

apache2 (2.2.4-1) unstable; urgency=medium

  [ Stefan Fritsch ]
  * Urgency medium for security fix
  * Fix CVE-2007-1863: DoS in mod_cache
  * New upstream version (Closes: #427050)
    - Fixes "proxy: error reading status line from remote server"
      (Closes: #410331)
  * Fix CVE-2007-1862: mod_mem_cache DoS (introduced in 2.2.4)
  * Change logrotate script to use reload instead of restart.
    (Closes: #298689)
  * chmod o-rx /var/log/apache2 (Closes: #291841)
  * chmod o-x suexec (Closes: #431048)
  * Update patch for truncated mod_cgi 500 responses from upstream SVN
    (Closes: #412580)
  * Don't use AddDefaultCharset for our docs (Closes: #414429)
  * fix options syntax in sites-available/default (Closes: #419539)
  * Move conf.d include to the end of apache2.conf (Closes: #305933)
  * Remove log, cache, and lock files on purge (Closes: #428887)
  * Ship /usr/lib/cgi-bin (Closes: #415698)
  * Add note to README.Debian how to read docs (Closes: #350822)
  * Document pid file name (Closes: #350286)
  * Update Standards-Version (no changes needed)
  * Fix some lintian warnings, add some overrides
  * Start apache when doing a "restart" even if it was not running
    (Closes: #384682)
  * reload config in apache2-doc postinst (Closes: #289289)
  * don't fail in prerm if apache is not running (Closes: #418536)
  * Suggest apache2-doc and www-browser (Closes: #399056)
  * Make init script always display a warning if NO_START=1 since
    VERBOSE=yes is not the default anymore (Closes: #430116)
  * Replace apache2(8) man page with a more current version
  * Add httxt2dbm(8) man page
  * Show -X option in help message (Closes: #391817)
  * remove sick-hack-to-update-modules
  * don't depend on procps on hurd (Closes: #431125)

  [ Peter Samuelson ]
  * Add shlibs:Depends to apache2.2-common.

 -- Stefan Fritsch <sf at debian.org>  Sun, 01 Jul 2007 19:57:51 +0200


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGjLUJH/9LqRcGPm0RAqBDAJ9QT0NB1WCR/Af0uF8LEYuDTfrvrgCfRd/K
l2EZpAgVZJGDRnEvYmLR9Yo=
=Eiw/
-----END PGP SIGNATURE-----

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

-- 
Please sync apache2 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/124161
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.



More information about the ubuntu-archive mailing list