[ubuntu/vivid-proposed] apache2 2.4.10-8ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Mar 5 16:23:15 UTC 2015 

apache2 (2.4.10-8ubuntu3) vivid; urgency=medium

  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
    directives
    - debian/patches/CVE-2014-8109.patch: handle multiple Require
      directives with different arguments in modules/lua/mod_lua.c.
    - CVE-2014-8109
  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
    - debian/patches/CVE-2015-0228.patch: fix logic in
      modules/lua/lua_request.c.
    - CVE-2015-0228

Date: Thu, 05 Mar 2015 10:56:34 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.10-8ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 Mar 2015 10:56:34 -0500
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin apache2.2-common libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source
Version: 2.4.10-8ubuntu3
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-mpm-event - transitional event MPM package for apache2
 apache2-mpm-itk - transitional itk MPM package for apache2
 apache2-mpm-prefork - transitional prefork MPM package for apache2
 apache2-mpm-worker - transitional worker MPM package for apache2
 apache2-suexec - transitional package for apache2-suexec-pristine
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 apache2.2-bin - Transitional package for apache2-bin
 apache2.2-common - Transitional package for apache2
 libapache2-mod-macro - Transitional package for apache2-bin
 libapache2-mod-proxy-html - Transitional package for apache2-bin
Changes:
 apache2 (2.4.10-8ubuntu3) vivid; urgency=medium
 .
   * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
     directives
     - debian/patches/CVE-2014-8109.patch: handle multiple Require
       directives with different arguments in modules/lua/mod_lua.c.
     - CVE-2014-8109
   * SECURITY UPDATE: denial of service in mod_lua via websockets PING
     - debian/patches/CVE-2015-0228.patch: fix logic in
       modules/lua/lua_request.c.
     - CVE-2015-0228
Checksums-Sha1:
 80212e170ae662f0f158cb532a3469e175d2b04f 3375 apache2_2.4.10-8ubuntu3.dsc
 ee37f65e69376f19162a1f8b30fd9585480be12f 541268 apache2_2.4.10-8ubuntu3.debian.tar.xz
Checksums-Sha256:
 f367f26201d0e509bc7e1fb872f39c3c58da3c0dfd7d8d07df88c820f4630eef 3375 apache2_2.4.10-8ubuntu3.dsc
 3f4fcf88d156c1a84716505e283957b3a8ea205a464039a85d863949507e3bfc 541268 apache2_2.4.10-8ubuntu3.debian.tar.xz
Files:
 fcbc2f0ef3b566a928b99cbd740d1fba 3375 httpd optional apache2_2.4.10-8ubuntu3.dsc
 1cfc5c87d0aad4924c78e313aa69e4f3 541268 httpd optional apache2_2.4.10-8ubuntu3.debian.tar.xz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJU+IFQAAoJEGVp2FWnRL6TzsEQAKWK8z5VcU2Kdic+D1VjFhId
caNnSrZVjKeSEmPAUg+1KABAFoc/71hugfLrMtCxt55AnwGI++hd+JOhdweNbbj2
m7tMt+QKovYyRovGflgiRdSR7m/LOIPMlAvFeluFIv1TywJfrsY/ypS/4VBkTkKS
t/3OchEse6U8LwaURfuZb0XbvGHgfk9vZsCWbIXsvG+0E/qYMKsL4fevT0aqj8D2
Sm20oBt4o81h49W/c6iP28uJVIwWuKRPv2Rx5EoE3yyBf89nuF3bxNSNfnrjUGcz
BgyISd5h6rnyB+eASNuyNcBFioSs4u9YFG5tzvST8CoqYDrHC8lzpFLruCL+JmqO
5xz4K3APtws5cK/O1yepyiGWrWzc2uszUdfKDKAVA6oPRtMyb4yFvsVzG0dyQcKv
tT7k0FVXo5+1Cn7TL8uNi0SLJOfJZ31hE8ScdwwMY1DeOHS/Tq2lqSRdv0eqiUOY
C+qJhNC83C7UXlmEvRZd4UGQZqQDaG/bskKVR4aVkohA1hYsZqR/JonCLQThMjE1
Eg9wfd0x/DJssJ9T2yjTJsGuNvGB/bkRT2Ubj2WLGfGYIU+wHrQcPwBARMWAk2wa
a0gIP6s9LqteJMKp66l46KSSD5316QhE7zfPJJ8SjFeZZHK6jbXvq85Lds0Jiwwg
cbb0VO/hxX29iMGHymOV
=taA5
-----END PGP SIGNATURE-----

More information about the Vivid-changes mailing list