[Bug 589611] Re: [SRU] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)

Thierry Carrez thierry.carrez at ubuntu.com
Mon Sep 6 13:37:30 BST 2010


This was not committed to lucid-proposed. Current lucid-proposed is a
security fix:

apache2 (2.2.14-5ubuntu8.2) lucid-security; urgency=low

  * debian/patches/211-sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

This one is next in queue.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3555

** Changed in: apache2 (Ubuntu Lucid)
       Status: Fix Committed => Triaged

** Changed in: apache2 (Ubuntu Lucid)
     Assignee: (unassigned) => Chuck Short (zulcss)

-- 
[SRU] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
https://bugs.launchpad.net/bugs/589611
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
