[ubuntu/wily-proposed] apache2 2.4.12-2ubuntu2 (Accepted)

[Marc Deslauriers]

apache2 (2.4.12-2ubuntu2) wily; urgency=medium

  * SECURITY UPDATE: request smuggling via chunked transfer encoding
    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
      modules/http/http_filters.c.
    - CVE-2015-3183
  * SECURITY UPDATE: access restriction bypass via deprecated API
    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
      in include/http_request.h, server/request.c.
    - CVE-2015-3185

Date: Fri, 24 Jul 2015 09:56:09 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apache2/2.4.12-2ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Jul 2015 09:56:09 -0400
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source
Version: 2.4.12-2ubuntu2
Distribution: wily
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.12-2ubuntu2) wily; urgency=medium
 .
   * SECURITY UPDATE: request smuggling via chunked transfer encoding
     - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
       modules/http/http_filters.c.
     - CVE-2015-3183
   * SECURITY UPDATE: access restriction bypass via deprecated API
     - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
       in include/http_request.h, server/request.c.
     - CVE-2015-3185
Checksums-Sha1:
 6ec7a8767c37218df40368d32dfd35c8b23dd598 2765 apache2_2.4.12-2ubuntu2.dsc
 321d38ab835662c3909a3e4235f7b4554c9ac1a0 462604 apache2_2.4.12-2ubuntu2.debian.tar.xz
Checksums-Sha256:
 17b483ce423c05cc7b2b9046469e668f761d57d98b56510cf7ef08dea7a43f09 2765 apache2_2.4.12-2ubuntu2.dsc
 11e3f585f1509dfc6375a86e491f2b976417e7d700174762b913ae757c253ff6 462604 apache2_2.4.12-2ubuntu2.debian.tar.xz
Files:
 23284d58a83716718ae9d8057d9ad8cb 2765 httpd optional apache2_2.4.12-2ubuntu2.dsc
 fa812b5db43cedaa2cf7fb069a2ced30 462604 httpd optional apache2_2.4.12-2ubuntu2.debian.tar.xz
Original-Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVsklIAAoJEGVp2FWnRL6TriYQAIIwm22DSybSJ2oEhTHgUD9A
klaZ4nyJXYDv+jbjPg0V+uHuVxXD/vq6ZYkNr7t1rsgNGRDSJL+7UCkE/sFHVz3G
xGv54t64PrUe7ohd4raTekksPv73Q7WF3xJ5PmrKXzt0aeNQUPvUYhM6uIdv3CVA
A7n2SyJQryytyV6RnBcOQKtHY5bHC6Nawuh5wCHb2O+jHuGZW2UrAd02o5h+J/II
Yo5dn0pjKuxWKb9pXSvhqyE0wBUKGC0+oBU7WrAImturvJnhFhHadfVtZBGzpylH
gcHiTZgWv7y46xvU6HLkDKHuoC3JTAourpqlSmRGzqvXRDN17HMOzREI3zhCy5jc
JEPYVgpwmtRm4k7siLAMyDYFr1FkIeurD5vsGtZrVOq/0ClXO5sU62TCeRJzlYg/
kS2rrmddYasAmbTDxfnqef8wAuEwbpMuw7GrGLTLhRVljp0V5JZaDhJllLvkPqOd
j1xmkaugnCbECV9L+XsdLURbiETvirV5Z+35gELLdBijP0O4/2w68wlWEeDjqlDy
XD0QqbCRNBozxhuf8719ras2Jx/H1PBJzSHHTpLez9lM2nuCRvjm+ur1Tui/KGce
2JBmkA1gu9YssDc/xx/eN0SpsGlpS4BrqyxSD13/9TYyKcqLcKa8ntP/RAM7MP6M
GIJU0UgnsAv1I2eW0Cie
=Yty0
-----END PGP SIGNATURE-----