[Bug 551221] [NEW] consider a newer version of apache2 for lucid or backport some changes
Stefan Fritsch
sf at sfritsch.de
Mon Mar 29 21:56:37 BST 2010
Public bug reported:
Binary package hint: apache2
Apache2 in an LTS release would greatly benefit from some recent changes
in the Debian package:
In 2.2.14-6:
* Add a hook to apache2.2-common's postrm script that may come in handy
when upgrading to 2.4.
This may allow to do the 2.2 -> 2.4 upgrade in a cleaner way than the
hack that was done for 2.0 -> 2.2 (which involved apache2.2-common
deleting apache2-common's postrm script).
In 2.2.15:
- mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure
renegotiation with clients which do not yet support the secure
renegotiation protocol. As this requires openssl 0.9.8m, bump
build dependency accordingly.
This allows an admin to configure how to treat clients that are
vulnerable to CVE-2009-3555. Also, 2.2.15 has some improved protection
for vulnerable clients.
In case you want to update to the most recent version despite the
sizable changes, you should use 2.2.15-3, which has some important bug
fixes over 2.2.15-2.
** Affects: apache2 (Ubuntu)
Importance: Undecided
Status: New
--
consider a newer version of apache2 for lucid or backport some changes
https://bugs.launchpad.net/bugs/551221
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list