Change log for apache2 package in Ubuntu
Superseded in lucid-updates
Superseded in lucid-security
Deleted in lucid-proposed (Reason: moved to -updates)

apache2 (2.2.14-5ubuntu8.2) lucid-security; urgency=low

  * debian/patches/211-sslinsecurerenegotiation-directive.dpatch: once openssl gets updated to fix CVE-2009-3555, server renegotiations with unpatched clients will fail. This patch adds the ability to revert to the previous unsafe behaviour with a new SSLInsecureRenegotiation directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get CVE-2009-3555 fix.

 -- Marc Deslauriers <email address hidden>  Wed, 18 Aug 2010 16:37:47 -0400
Available diffs
- diff from 2.2.14-5ubuntu8.1 to 2.2.14-5ubuntu8.2 (434 bytes)
Superseded in dapper-updates
Superseded in dapper-security
Deleted in dapper-proposed (Reason: moved to -updates)

apache2 (2.0.55-4ubuntu2.11) dapper-security; urgency=low

  * debian/patches/119_sslinsecurerenegotiation-directive.dpatch: once openssl gets updated to fix CVE-2009-3555, server renegotiations with unpatched clients will fail. This patch adds the ability to revert to the previous unsafe behaviour with a new SSLInsecureRenegotiation directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get CVE-2009-3555 fix.

 -- Marc Deslauriers <email address hidden>  Mon, 16 Aug 2010 13:44:28 -0400
Superseded in hardy-updates
Superseded in hardy-security
Deleted in hardy-proposed (Reason: moved to -updates)

apache2 (2.2.8-1ubuntu0.18) hardy-security; urgency=low

  * debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once openssl gets updated to fix CVE-2009-3555, server renegotiations with unpatched clients will fail. This patch adds the ability to revert to the previous unsafe behaviour with a new SSLInsecureRenegotiation directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get CVE-2009-3555 fix.

 -- Marc Deslauriers <email address hidden>  Mon, 16 Aug 2010 13:39:40 -0400
Obsolete in jaunty-updates
Obsolete in jaunty-security
Deleted in jaunty-proposed (Reason: moved to -updates)

apache2 (2.2.11-2ubuntu2.7) jaunty-security; urgency=low

  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once openssl gets updated to fix CVE-2009-3555, server renegotiations with unpatched clients will fail. This patch adds the ability to revert to the previous unsafe behaviour with a new SSLInsecureRenegotiation directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get CVE-2009-3555 fix.

 -- Marc Deslauriers <email address hidden>  Mon, 16 Aug 2010 13:34:47 -0400
Superseded in karmic-updates
Superseded in karmic-security
Deleted in karmic-proposed (Reason: moved to -updates)

apache2 (2.2.12-1ubuntu2.3) karmic-security; urgency=low

  * debian/patches/905_sslinsecurerenegotiation-directive.dpatch: once openssl gets updated to fix CVE-2009-3555, server renegotiations with unpatched clients will fail. This patch adds the ability to revert to the previous unsafe behaviour with a new SSLInsecureRenegotiation directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get CVE-2009-3555 fix.

 -- Marc Deslauriers <email address hidden>  Mon, 16 Aug 2010 13:26:28 -0400
Deleted in lucid-proposed (Reason: trivially FTBFS)

apache2 (2.2.14-5ubuntu8.1) lucid-proposed; urgency=low

  * debian/patches/upstream-fix-for-lp-609290.patch: Backport fix for upstream bug PR 45444. https://issues.apache.org/bugzilla/show_bug.cgi?id=45444. (LP: #609290, #589611, #595116)

 -- Chuck Short <email address hidden>  Fri, 06 Aug 2010 12:32:36 -0500
Superseded in maverick-release

apache2 (2.2.16-1ubuntu1) maverick; urgency=low

  * Merge from debian unstable. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree.
    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
Available diffs
- diff from 2.2.15-5ubuntu1 to 2.2.16-1ubuntu1 (383.9 KiB)
Superseded in maverick-release

apache2 (2.2.15-5ubuntu1) maverick; urgency=low

  * Merge from debian unstable. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree.
    - debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
    + Dropped:
      - debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed.
      - debian/patches/206-report-max-client-mpm-worker.dpatch: No longer needed.
      - debian/config-dir/apache2.conf: Merged back from debian.
      - mod-reqtimeout functionality: Merge back from debian.
      - debian/patches/204_CVE-2010-0408.dpatch: No longer needed.
      - debian/patches/205_CVE-2010-0434.dpatch: No longer needed.
      - debian/patches/203_fix-ab-segfault.dpatch: No longer needed.
Available diffs
- diff from 2.2.14-5ubuntu8 to 2.2.15-5ubuntu1 (618.8 KiB)
apache2 (2.2.8-1ubuntu0.17) hardy-proposed; urgency=low

  * debian/apache2.2-common.postinst: When dpkg-statoverride is used, the cut delimiter has now been set to use ' ', as it was causing upgrades to fail. (LP: #583698)

 -- Dave Walker (Daviey) <email address hidden>  Fri, 21 May 2010 13:50:34 +0100
Available diffs
- diff from 2.2.8-1ubuntu0.16 to 2.2.8-1ubuntu0.17 (545 bytes)
apache2 (2.2.8-1ubuntu0.16) hardy-proposed; urgency=low

  * debian/patches/211_fix_mod_proxy_nocanon.dpatch: Fix duplicated query string when using nocanon option to mod_proxy. Patch courtesy of James Troup, based on upstream cherry pick. (LP: #455873)

 -- Dave Walker (Daviey) <email address hidden>  Mon, 17 May 2010 18:06:59 +0100
apache2 (2.2.14-5ubuntu8) lucid; urgency=low

  * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so (LP: #562370)

 -- Chuck Short <email address hidden>  Tue, 13 Apr 2010 15:09:57 -0400
Superseded in lucid-release

apache2 (2.2.14-5ubuntu7) lucid; urgency=low

  * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory leaks by making sure to not destroy bucket brigades that have been created by earlier filters. Backported from 2.2.15.
  * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server has reached MaxClients until it has. Backported from 2.2.15
  * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf more secure by adding Satisfy all. (Debian bug: #572075)
  * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch, debian/config2-dir/mods-available/reqtimeout.load, debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris bug in apache. Enable it by default. (LP: #392759)

 -- Chuck Short <email address hidden>  Mon, 05 Apr 2010 09:53:35 -0400
Available diffs
- diff from 2.2.14-5ubuntu6 to 2.2.14-5ubuntu7 (12.0 KiB)
Superseded in lucid-release

apache2 (2.2.14-5ubuntu6) lucid; urgency=low

  * debian/apache2.2-common.apache2.init: Fix thinko. (LP: #551681)

 -- Chuck Short <email address hidden>  Tue, 30 Mar 2010 09:41:11 -0400
Available diffs
- diff from 2.2.14-5ubuntu5 to 2.2.14-5ubuntu6 (466 bytes)
Superseded in lucid-release

apache2 (2.2.14-5ubuntu5) lucid; urgency=low

  * Revert 99-fix-mod-dav-permissions.dpatch

 -- Chuck Short <email address hidden>  Tue, 30 Mar 2010 07:55:46 -0400
Superseded in lucid-release

apache2 (2.2.14-5ubuntu4) lucid; urgency=low

  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix permissions when downloading files from webdav (LP: #540747)
  * debian/apache2.2-common.apache2.init: Add graceful restart (LP: #456381)

 -- Chuck Short <email address hidden>  Mon, 29 Mar 2010 13:37:39 -0400
Superseded in lucid-release

apache2 (2.2.14-5ubuntu3) lucid; urgency=low

  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/204_CVE-2010-0408.dpatch: return the right error code in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of headers in subrequests
    - debian/patches/205_CVE-2010-0434.dpatch: use a copy of r->headers_in in server/protocol.c.
    - CVE-2010-0434

 -- Marc Deslauriers <email address hidden>  Wed, 10 Mar 2010 14:48:48 -0500
apache2 (2.2.12-1ubuntu2.2) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/903_CVE-2010-0408.dpatch: return the right error code in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of headers in subrequests
    - debian/patches/904_CVE-2010-0434.dpatch: use a copy of r->headers_in in server/protocol.c.
    - CVE-2010-0434

 -- Marc Deslauriers <email address hidden>  Mon, 08 Mar 2010 10:25:00 -0500
apache2 (2.2.11-2ubuntu2.6) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in in server/protocol.c.
    - CVE-2010-0434

 -- Marc Deslauriers <email address hidden>  Mon, 08 Mar 2010 11:26:48 -0500
apache2 (2.2.9-7ubuntu3.6) intrepid-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in in server/protocol.c.
    - CVE-2010-0434

 -- Marc Deslauriers <email address hidden>  Mon, 08 Mar 2010 11:29:11 -0500
apache2 (2.2.8-1ubuntu0.15) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/209_CVE-2010-0408.dpatch: return the right error code in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of headers in subrequests
    - debian/patches/210_CVE-2010-0434.dpatch: use a copy of r->headers_in in server/protocol.c.
    - CVE-2010-0434

 -- Marc Deslauriers <email address hidden>  Mon, 08 Mar 2010 11:56:13 -0500
apache2 (2.0.55-4ubuntu2.10) dapper-security; urgency=low

  * SECURITY UPDATE: information disclosure via improper handling of headers in subrequests
    - debian/patches/118_CVE-2010-0434.dpatch: use a copy of r->headers_in in server/protocol.c.
    - CVE-2010-0434

 -- Marc Deslauriers <email address hidden>  Mon, 08 Mar 2010 14:33:49 -0500
Superseded in lucid-release

apache2 (2.2.14-5ubuntu2) lucid; urgency=low

  * debian/patches/203_fix-ab-segfault.dpatch: Fix segfaulting ab when using really wacky options. (LP: #450501)

 -- Chuck Short <email address hidden>  Mon, 08 Mar 2010 14:53:17 -0500
Available diffs
- diff from 2.2.14-5ubuntu1 to 2.2.14-5ubuntu2 (834 bytes)
Superseded in lucid-release

apache2 (2.2.14-5ubuntu1) lucid; urgency=low

  * Merge from debian testing. Remaining changes: LP: #506862
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree.
Available diffs
- diff from 2.2.14-4ubuntu1 to 2.2.14-5ubuntu1 (10.9 KiB)
Superseded in lucid-release

apache2 (2.2.14-4ubuntu1) lucid; urgency=low

  * Resynchronize with Debian, remaining changes are:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree.

 -- Chuck Short <email address hidden>  Wed, 23 Dec 2009 14:44:51 -0500
Available diffs
- diff from 2.2.14-2ubuntu1 to 2.2.14-4ubuntu1 (10.0 KiB)
apache2 (2.2.11-2ubuntu2.5) jaunty-security; urgency=low

  * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations. Partial fix for CVE-2009-3555. Configurations requiring renegotiation of per-directory/location access controls are still affected until OpenSSL is updated.
    - debian/patches/904_CVE-2009-3555.dpatch: disable all client renegotiations
    - CVE-2009-3555
  * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
    - debian/patches/905-CVE-2009-3094.dpatch: fix NULL pointer dereference in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread in EPSV response parser
    - CVE-2009-3094
  * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when configured as a reverse proxy
    - debian/patches/906-CVE-2009-3095.dpatch: adjust proxy_ftp_handler() in mod_proxy_ftp.c to fail if the decoded Basic credentials contain special characters.
    - CVE-2009-3095

 -- Jamie Strandboge <email address hidden>  Thu, 12 Nov 2009 12:46:19 -0600
apache2 (2.2.9-7ubuntu3.5) intrepid-security; urgency=low

  * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations. Partial fix for CVE-2009-3555. Configurations requiring renegotiation of per-directory/location access controls are still affected until OpenSSL is updated.
    - debian/patches/904_CVE-2009-3555.dpatch: disable all client renegotiations
    - CVE-2009-3555
  * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
    - debian/patches/905-CVE-2009-3094.dpatch: fix NULL pointer dereference in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread in EPSV response parser
    - CVE-2009-3094
  * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when configured as a reverse proxy
    - debian/patches/906-CVE-2009-3095.dpatch: adjust proxy_ftp_handler() in mod_proxy_ftp.c to fail if the decoded Basic credentials contain special characters.
    - CVE-2009-3095

 -- Jamie Strandboge <email address hidden>  Thu, 12 Nov 2009 14:02:27 -0600
apache2 (2.2.8-1ubuntu0.14) hardy-security; urgency=low

  * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations. Partial fix for CVE-2009-3555. Configurations requiring renegotiation of per-directory/location access controls are still affected until OpenSSL is updated.
    - debian/patches/206_CVE-2009-3555.dpatch: disable all client renegotiations
    - CVE-2009-3555
  * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
    - debian/patches/207-CVE-2009-3094.dpatch: fix NULL pointer dereference in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread in EPSV response parser
    - CVE-2009-3094
  * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when configured as a reverse proxy
    - debian/patches/208-CVE-2009-3095.dpatch: adjust proxy_ftp_handler() in mod_proxy_ftp.c to fail if the decoded Basic credentials contain special characters.
    - CVE-2009-3095

 -- Jamie Strandboge <email address hidden>  Thu, 12 Nov 2009 14:15:40 -0600
apache2 (2.0.55-4ubuntu2.9) dapper-security; urgency=low

  * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations. Partial fix for CVE-2009-3555. Configurations requiring renegotiation of per-directory/location access controls are still affected until OpenSSL is updated.
    - debian/patches/115_CVE-2009-3555.patch: disable all client renegotiations
    - based on http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch
    - CVE-2009-3555
  * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
    - debian/patches/116-CVE-2009-3094.patch: fix NULL pointer dereference in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread in EPSV response parser
    - based on http://svn.apache.org/viewvc?revision=814652&view=revision
    - CVE-2009-3094
  * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when configured as a reverse proxy
    - debian/patches/117-CVE-2009-3095.patch: adjust proxy_ftp_handler() in mod_proxy_ftp.c to fail if the decoded Basic credentials contain special characters.
    - based on http://svn.apache.org/viewvc?revision=814045&view=revision
    - CVE-2009-3095

 -- Jamie Strandboge <email address hidden>  Thu, 12 Nov 2009 15:45:14 -0600
Superseded in lucid-release

apache2 (2.2.14-2ubuntu1) lucid; urgency=low

  * Merge from debian testing, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/conrol: Add bzr tag and point it to our tree.
    - removed debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: it was already dropped from 00list, so just remove the patch entirely
apache2 (2.2.12-1ubuntu2.1) karmic-security; urgency=low

  * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations. Partial fix for CVE-2009-3555. Configurations requiring renegotiation of per-directory/location access controls are still affected until OpenSSL is updated.
    - debian/patches/900_CVE-2009-3555.dpatch: disable all client renegotiations
    - CVE-2009-3555
  * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
    - debian/patches/901-CVE-2009-3094.dpatch: fix NULL pointer dereference in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread in EPSV response parser
    - CVE-2009-3094
  * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when configured as a reverse proxy
    - debian/patches/902-CVE-2009-3095.dpatch: adjust proxy_ftp_handler() in mod_proxy_ftp.c to fail if the decoded Basic credentials contain special characters.
    - CVE-2009-3095

 -- Jamie Strandboge <email address hidden>  Thu, 12 Nov 2009 12:12:56 -0600
Superseded in lucid-release

apache2 (2.2.14-1ubuntu1) lucid; urgency=low

  * Merge from debian testing, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/conrol: Add bzr tag and point it to our tree.
    - Dropped debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: Already applied upstream.
Available diffs
- diff from 2.2.12-1ubuntu2 to 2.2.14-1ubuntu1 (524.1 KiB)
Deleted in hardy-proposed (Reason: moved to -updates)

apache2 (2.2.8-1ubuntu0.12) hardy-proposed; urgency=low

  * debian/patches/999_fix_mod_proxy_nocanon.dpatch: Make all proxy modules nocanon aware and do not add the query string again in this case. Thanks to James Troup. (LP: #455873)

 -- Chuck Short <email address hidden>  Mon, 02 Nov 2009 11:25:38 -0500
apache2 (2.2.11-2ubuntu2.3) jaunty-security; urgency=low

  * SECURITY UPDATE: remote denial of service in mod_deflate module when the network connection was closed before compression completed
    - debian/patches/903_CVE-2009-1891.dpatch: update patch to fix regression that caused segfaults under certain circumstances. (LP: #409987)
    - CVE-2009-1891

 -- Marc Deslauriers <email address hidden>  Mon, 17 Aug 2009 14:55:23 -0400
apache2 (2.2.9-7ubuntu3.3) intrepid-security; urgency=low

  * SECURITY UPDATE: remote denial of service in mod_deflate module when the network connection was closed before compression completed
    - debian/patches/903_CVE-2009-1891.dpatch: update patch to fix regression that caused segfaults under certain circumstances. (LP: #409987)
    - CVE-2009-1891

 -- Marc Deslauriers <email address hidden>  Mon, 17 Aug 2009 14:37:17 -0400
apache2 (2.2.8-1ubuntu0.11) hardy-security; urgency=low

  * SECURITY UPDATE: remote denial of service in mod_deflate module when the network connection was closed before compression completed
    - debian/patches/205_CVE-2009-1891.dpatch: update patch to fix regression that caused segfaults under certain circumstances. (LP: #409987)
    - CVE-2009-1891

 -- Marc Deslauriers <email address hidden>  Mon, 17 Aug 2009 08:00:35 -0400
apache2 (2.0.55-4ubuntu2.8) dapper-security; urgency=low

  * SECURITY UPDATE: remote denial of service in mod_deflate module when the network connection was closed before compression completed
    - debian/patches/113_CVE-2009-1891.patch: update patch to fix regression that caused segfaults under certain circumstances. (LP: #409987)
    - CVE-2009-1891

 -- Marc Deslauriers <email address hidden>  Mon, 17 Aug 2009 13:34:03 -0400
apache2 (2.2.12-1ubuntu2) karmic; urgency=low

  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
    - Fix potential segfaults with the use of the legacy ap_rputs() etc interfaces, in cases where an output filter fails. This happens frequently after CVE-2009-1891 got fixed. (LP: #409987)

 -- Marc Deslauriers <email address hidden>  Mon, 17 Aug 2009 15:38:47 -0400
apache2 (2.0.55-4ubuntu2.7) dapper-security; urgency=low

  * SECURITY UPDATE: fix integer overflow in libapr
    - debian/patches/114_CVE-2009-2412.patch: adjust allocator_alloc() and apr_palloc() in apr_pools.c to check for overflow after aligning size
    - http://www.apache.org/dist/apr/patches/apr-0.9-CVE-2009-2412.patch
    - CVE-2009-2412
  * SECURITY UPDATE: fix integer overflow in libaprutil
    - debian/patches/114_CVE-2009-2412b.patch: adjust apr_rmm_malloc, apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning size
    - http://www.apache.org/dist/apr/patches/apr-util-0.9-CVE-2009-2412.patch
    - CVE-2009-2412

 -- Jamie Strandboge <email address hidden>  Fri, 07 Aug 2009 11:30:44 -0500
Superseded in karmic-release

apache2 (2.2.12-1ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/{control,rules}: enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
    - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.
Available diffs
- diff from 2.2.11-7ubuntu1 to 2.2.12-1ubuntu1 (342.9 KiB)
Superseded in karmic-release

apache2 (2.2.11-7ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes: LP: #398130
    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch: Fix timefmt is ignored when XBitHack is on. (LP: #258914)
    - debian/{control,rules}: enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
apache2 (2.0.55-4ubuntu2.6) dapper-security; urgency=low

  * SECURITY UPDATE: remote denial of service in mod_deflate module when the network connection was closed before compression completed
    - debian/patches/113_CVE-2009-1891.patch: fail if the connection has been aborted in server/core.c
    - CVE-2009-1891

 -- Marc Deslauriers <email address hidden>  Fri, 10 Jul 2009 10:39:28 -0400
apache2 (2.2.8-1ubuntu0.10) hardy-security; urgency=low

  * SECURITY UPDATE: remote denial of service in the mod_proxy module via amount of streamed data that exceeds the Content-Length value
    - debian/patches/204_CVE-2009-1890.dpatch: make sure Content-Length is sane and check the length of the data in modules/proxy/mod_proxy_http.c
    - CVE-2009-1890
  * SECURITY UPDATE: remote denial of service in mod_deflate module when the network connection was closed before compression completed
    - debian/patches/205_CVE-2009-1891.dpatch: fail if the connection has been aborted in server/core_filters.c
    - CVE-2009-1891

 -- Marc Deslauriers <email address hidden>  Thu, 09 Jul 2009 14:53:32 -0400
apache2 (2.2.9-7ubuntu3.2) intrepid-security; urgency=low

  * SECURITY UPDATE: remote denial of service in the mod_proxy module via amount of streamed data that exceeds the Content-Length value
    - debian/patches/902_CVE-2009-1890.dpatch: make sure Content-Length is sane and check the length of the data in modules/proxy/mod_proxy_http.c
    - CVE-2009-1890
  * SECURITY UPDATE: remote denial of service in mod_deflate module when the network connection was closed before compression completed
    - debian/patches/903_CVE-2009-1891.dpatch: fail if the connection has been aborted in server/core_filters.c
    - CVE-2009-1891

 -- Marc Deslauriers <email address hidden>  Thu, 09 Jul 2009 14:47:48 -0400
apache2 (2.2.11-2ubuntu2.2) jaunty-security; urgency=low

  * SECURITY UPDATE: remote denial of service in the mod_proxy module via amount of streamed data that exceeds the Content-Length value
    - debian/patches/902_CVE-2009-1890.dpatch: make sure Content-Length is sane and check the length of the data in modules/proxy/mod_proxy_http.c
    - CVE-2009-1890
  * SECURITY UPDATE: remote denial of service in mod_deflate module when the network connection was closed before compression completed
    - debian/patches/903_CVE-2009-1891.dpatch: fail if the connection has been aborted in server/core_filters.c
    - CVE-2009-1891

 -- Marc Deslauriers <email address hidden>  Thu, 09 Jul 2009 14:35:07 -0400
apache2 (2.2.8-1ubuntu0.9) hardy-proposed; urgency=low

  * debian/patches//101_fix-spinning-mod_proxy.dpatch: Fix mod_proxy with SSL using all the CPU. (LP: #306293)

 -- Chuck Short <email address hidden>  Fri, 13 Feb 2009 15:43:29 +0000
apache2 (2.2.8-1ubuntu0.8) hardy-security; urgency=low

  * SECURITY UPDATE: Includes option could be overridden via .htaccess file when AllowOverride restrictions do not permit it
    - debian/patches/203_CVE-2009-1195.dpatch: adjust server/config.c, server/core.c, modules/filters/mod_include.c, include/http_core.h to only enable .htaccess override when permitted.
    - CVE-2009-1195

 -- Jamie Strandboge <email address hidden>  Wed, 10 Jun 2009 17:50:41 -0500
apache2 (2.2.9-7ubuntu3.1) intrepid-security; urgency=low

  * SECURITY UPDATE: Includes option could be overridden via .htaccess file when AllowOverride restrictions do not permit it
    - debian/patches/900_CVE-2009-1195.dpatch: adjust server/config.c, server/core.c, modules/filters/mod_include.c, include/http_core.h to only enable .htaccess override when permitted.
    - CVE-2009-1195

 -- Jamie Strandboge <email address hidden>  Wed, 10 Jun 2009 17:47:06 -0500
apache2 (2.0.55-4ubuntu2.5) dapper-security; urgency=low

  * SECURITY UPDATE: Fix underflow in apr_strmatch_precompile
    - debian/patches/110_CVE-2009-0023.dpatch: adjust srclib/apr-util/strmatch/apr_strmatch.c to properly evaluate strings as unsigned char rather than int
    - CVE-2009-0023
  * SECURITY UPDATE: Prevent "billion laughs" attack against expat
    - debian/patches/111_CVE-2009-1955.dpatch: adjust srclib/apr-util/xml/apr_xml.c to disable internal entity expansion
    - CVE-2009-1955
  * SECURITY UPDATE: Fix off by one overflow in apr_brigade_vprintf
    - debian/patches/112_CVE-2009-1956.dpatch: don't add null terminator to vd.vbuff.curpos in srclib/apr-util/buckets/apr_brigade.c
    - CVE-2009-1956

 -- Jamie Strandboge <email address hidden>  Wed, 10 Jun 2009 22:01:23 -0500
apache2 (2.2.11-2ubuntu2.1) jaunty-security; urgency=low

  * SECURITY UPDATE: response data disclosure in mod_proxy_ajp when a client request with no request body was sent
    - debian/patches/900_CVE-2009-1191.dpatch: adjust modules/proxy/mod_proxy_ajp.c to not reuse a connection when the client closes a connection without sending a body
    - CVE-2009-1191
  * SECURITY UPDATE: Includes option could be overridden via .htaccess file when AllowOverride restrictions do not permit it
    - debian/patches/900_CVE-2009-1195.dpatch: adjust server/config.c, server/core.c, modules/filters/mod_include.c, include/http_core.h to only enable .htaccess override when permitted.
    - CVE-2009-1195

 -- Jamie Strandboge <email address hidden>  Wed, 10 Jun 2009 17:15:00 -0500
Superseded in karmic-release

apache2 (2.2.11-6ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/patches/203_fix-ssl-timeftm-ignored.dpatch: Fix timefmt is ignored when XBitHack is on. (LP: #258914)
    - debian/{control,rules}: enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
Superseded in karmic-release

apache2 (2.2.11-5ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch: Fix timefmt is ignored when XBitHack is on. (LP: #258914)
    - debian/{control,rules}: enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.

 -- Andrew Mitchell <email address hidden>  Wed, 03 Jun 2009 14:10:54 +1200
Available diffs
- diff from 2.2.11-3ubuntu1 to 2.2.11-5ubuntu1 (13.7 KiB)
Superseded in hardy-proposed

apache2 (2.2.8-1ubuntu0.6) hardy-proposed; urgency=low

  * debian/patches//101_fix-spinning-mod_proxy.dpatch: Fix mod_proxy with SSL using all the CPU. (LP: #306293)

 -- Chuck Short <email address hidden>  Fri, 13 Feb 2009 15:43:29 +0000
Superseded in karmic-release

apache2 (2.2.11-3ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/patches/203_fix-ssi-timeftm-ignored.dpatch: Fix timefmt is ignored when XBitHack is on. (LP: #258914)
    - debian/{control,rules}: enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.

 -- Andrew Mitchell <email address hidden>  Tue, 12 May 2009 16:15:34 +1200
apache2 (2.2.11-2ubuntu2) jaunty; urgency=low

  * debian/patches/203_fix-ssi-timeftm-ignored.dpatch: Fix timefmt is ignored when XBitHack is on. (LP: #258914)

 -- Chuck Short <email address hidden>  Wed, 01 Apr 2009 11:39:17 -0400
apache2 (2.2.8-1ubuntu0.5) hardy-security; urgency=low

  [ Emanuele Gentili ]
  * SECURITY UPDATE:
    + debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
      - The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
    + References
      - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in mod_proxy_balancer
    - debian/patches/200_security_CVE-2007-6420.dpatch: generate and validate a nonce in modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via large number of interim responses in mod_proxy module (LP: #239894)
    - debian/patches/201_security_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the mod_proxy_ftp module
    - debian/patches/202_security_CVE-2008-2939.dpatch: escape the html contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

 -- Marc Deslauriers <email address hidden>  Thu, 05 Mar 2009 17:20:17 -0500
Available diffs
- diff from 2.2.8-1ubuntu0.4 to 2.2.8-1ubuntu0.5 (240 bytes)
Superseded in hardy-security

apache2 (2.2.8-1ubuntu0.4) hardy-security; urgency=low

  [ Emanuele Gentili ]
  * SECURITY UPDATE:
    + debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
      - The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
    + References
      - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in mod_proxy_balancer
    - debian/patches/200_security_CVE-2007-6420.dpatch: generate and validate a nonce in modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via large number of interim responses in mod_proxy module (LP: #239894)
    - debian/patches/201_security_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the mod_proxy_ftp module
    - debian/patches/202_security_CVE-2008-2939.dpatch: escape the html contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

 -- Marc Deslauriers <email address hidden>  Thu, 05 Mar 2009 17:20:17 -0500
apache2 (2.2.4-3ubuntu0.2) gutsy-security; urgency=low

  [ Emanuele Gentili ]
  * SECURITY UPDATE:
    + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
      - The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
    + References
      - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in modules/dav/main/mod_dav.c, modules/generators/mod_info.c and modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the html contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

 -- Marc Deslauriers <email address hidden>  Thu, 05 Mar 2009 15:54:32 -0500
apache2 (2.0.55-4ubuntu2.4) dapper-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request Entity Too Large" error message
    - debian/patches/106_CVE-2007-6203.patch: properly escape some error messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded URLs
    - debian/patches/107_CVE-2008-2168.patch: specify a default charset in modules/dav/main/mod_dav.c and modules/generators/mod_info.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in mod_proxy module (LP: #239894)
    - debian/patches/108_CVE-2008-2364.patch: limit the number of interim responses in modules/proxy/proxy_http.c.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the mod_proxy_ftp module
    - debian/patches/109_CVE-2008-2939.patch: escape the html contained in the wildcard value in modules/proxy/proxy_ftp.c.
    - CVE-2008-2939

 -- Marc Deslauriers <email address hidden>  Wed, 25 Feb 2009 08:59:04 -0500
Superseded in jaunty-release |
apache2 (2.2.11-2ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - debian/{control,rules}: enable PIE hardening. - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
Superseded in jaunty-release |
apache2 (2.2.11-1ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - debian/{control, rules}: enable PIE hardening. - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
Available diffs
- diff from 2.2.9-11ubuntu1 to 2.2.11-1ubuntu1 (499.0 KiB)
Superseded in jaunty-release |
apache2 (2.2.9-11ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: (LP: #303375) - debian/{control, rules}: enable PIE hardening. - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
Superseded in jaunty-release |
apache2 (2.2.9-10ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - debian/{control, rules}: enable PIE hardening. - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
apache2 (2.2.9-7ubuntu3) intrepid; urgency=low * Revert logrotate change since it will break it for everyone. -- Chuck Short <email address hidden> Fri, 19 Sep 2008 09:32:01 -0400
Available diffs
- diff from 2.2.9-7ubuntu2 to 2.2.9-7ubuntu3 (469 bytes)
Superseded in intrepid-release |
apache2 (2.2.9-7ubuntu2) intrepid; urgency=low * debian/logrotate: Restart rather than reload for busy websites. (LP: #270899) -- Chuck Short <email address hidden> Thu, 18 Sep 2008 08:42:22 -0400
Available diffs
- diff from 2.2.9-7ubuntu1 to 2.2.9-7ubuntu2 (482 bytes)
Superseded in intrepid-release |
apache2 (2.2.9-7ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/{control,rules}: enable PIE hardening. - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.
Superseded in intrepid-release |
apache2 (2.2.9-3ubuntu2) intrepid; urgency=low * add ufw integration (see https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages) (LP: #261198) - debian/control: suggest ufw for apache2.2-common - add apache2.2-common.ufw.profile with 3 profiles and install it to /etc/ufw/applications.d/apache2.2-common -- Didier Roche <email address hidden> Tue, 26 Aug 2008 19:03:42 +0200
Superseded in intrepid-release |
apache2 (2.2.9-3ubuntu1) intrepid; urgency=low * debian/{control,rules}: enable PIE hardening -- Kees Cook <email address hidden> Wed, 20 Aug 2008 15:45:00 -0700
Available diffs
- diff from 2.2.9-3 to 2.2.9-3ubuntu1 (814 bytes)
apache2 (2.2.9-3) unstable; urgency=low

  [ Stefan Fritsch ]
  * Move NameVirtualHost directive to ports.conf and switch from "*" to "*:80". (Closes: #314606, #486286)
  * Comment out the CacheEnable line in disk_cache.conf. It would have caused problems with Etch to Lenny upgrades.
  * Change the minimum user id for suexec back to 100, the new value of 1000 was too disruptive for existing configurations. (Closes: #488821)
  * Add a default SSL virtual host. (Closes: #267477)
    - Use snakeoil certificate by default (if ssl-cert is installed). (Closes: #293524, #446765)
    - Document this in README.Debian. (Closes: #293469, #293519, #398520, #395823)
    - Add MSIE workarounds. (Closes: #421802)
    - Add ssl-cert to Recommends.
  * Add a new config file /etc/apache2/conf.d/security with some vaguely security related directives. (Closes: #260063)
  * Adjust mod_userdir accordingly. Also add "AllowOverride Indexes" for the home directories.
  * Disable SSLv2 by default. It is insecure. Also only enable ciphers with key lengths of at least 128 bit.
  * Make the init script complain about a missing $APACHE_PID_FILE during "start", too, and not only during "stop" or "restart". This makes it more obvious that /etc/apache2/envvars has to be updated. (Closes: #473982)
  * Add hint about the "..., using 127.0.0.1 for ServerName" warning to README.Debian. (Closes: #457708)
  * Add hint about the "could not create rewrite_log_lock" error message to README.Debian. (Closes: #450831)
  * Remove empty dir from apache2-doc to fix Lintian warning.
  * Always pass -g to gcc instead of relying on dpkg-buildpackage to set CFLAGS. We always want the debug info for the apache2-dbg package.

  [ Ryan Niebur ]
  * Upgraded to policy 3.8.0
    - added support for noopt in DEB_BUILD_OPTIONS
    - added a README.source
    - added support for parallel in DEB_BUILD_OPTIONS
  * Dropped XS- from the Vcs fields in control

 -- Chuck Short <email address hidden>  Fri, 04 Jul 2008 09:06:04 +0100
Available diffs
- diff from 2.2.9-2ubuntu1 to 2.2.9-3 (9.9 KiB)
Superseded in intrepid-release |
apache2 (2.2.9-2ubuntu1) intrepid; urgency=low * debian/config-dir/mods-available/disk_cache.conf: Don't enable caching of the root URL by default when disk_cache is enabled. (LP: #219914). * debian/control: Update Maintainer field. -- Mathias Gug <email address hidden> Tue, 24 Jun 2008 15:03:27 -0400
Available diffs
- diff from 2.2.9-2 to 2.2.9-2ubuntu1 (909 bytes)
apache2 (2.2.8-1ubuntu0.3) hardy-proposed; urgency=low * debian/config-dir/mods-available/disk_cache.conf: Don't enable caching of the root URL by default when disk_cache is enabled. (LP: #219914). disk_cache caches sensitive information without additional tweaks. Enabling it by default has security implications - it should be treated as mod_proxy. * debian/apache2.2-common.postinst: Only enable disk_cache if the 'EnableCache disk ' directive is used in the configuration. (LP: #219914). If we'd enable on every upgrade from 2.0, htcacheclean would be started even if disk_cache isn't used. -- Mathias Gug <email address hidden> Tue, 24 Jun 2008 17:45:55 -0400
Available diffs
- diff from 2.2.8-1ubuntu0.2 to 2.2.8-1ubuntu0.3 (967 bytes)
apache2 (2.2.9-2) unstable; urgency=low * Make the init script use normal 'stop' instead of 'graceful-stop' again: With graceful-stop, it can take a long time until all child processes have closed their listening sockets and there is no way for the init script to know when it is safe to start apache again. This could make the restart of apache fail. (Closes: #486629, #463338) * Improve package descriptions, thanks to Justin B Rye. (Closes: #486855) -- Chuck Short <email address hidden> Tue, 24 Jun 2008 00:58:50 +0100
Available diffs
- diff from 2.2.9-1ubuntu1 to 2.2.9-2 (4.2 KiB)
Superseded in intrepid-release |
apache2 (2.2.9-1ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - Dropped debian/patches/100_mpm_wokers_crash.dpatch. Already included upstream. (LP: #235294) - Dropped debian/patches/059_ssl_memleak_fix_PR44975.dpatch. Already included upstream. - Updated maintainer field according to spec.
Superseded in intrepid-release |
apache2 (2.2.8-4ubuntu2) intrepid; urgency=low * debian/apache2-2-common.postinst: Fix for index.html if it is a dangling symlink when doing an upgrade. (LP: #221932) -- Chuck Short <email address hidden> Mon, 09 Jun 2008 14:24:17 +0000
Available diffs
- diff from 2.2.8-4ubuntu1 to 2.2.8-4ubuntu2 (499 bytes)
Superseded in intrepid-release |
apache2 (2.2.8-4ubuntu1) intrepid; urgency=low * debian/patches/100_mpm_wokers_crash.dpatch - Fix for segmentation fault when mpm-worker is under load. Backported from http://svn.apache.org/viewvc?view=rev&revision=631362. (LP: #235294) * Modify Maintainer value to match the DebianMaintainerField specification. -- Dustin Kirkland <email address hidden> Thu, 05 Jun 2008 15:23:03 -0500
Available diffs
- diff from 2.2.8-4 to 2.2.8-4ubuntu1 (1.3 KiB)
apache2 (2.2.8-1ubuntu0.2) hardy-proposed; urgency=low

  * debian/patches/100_mpm_wokers_crash.dpatch
    - Fix for segmentation fault when mpm-worker is under load. Backported from http://svn.apache.org/viewvc?view=rev&revision=631362. (LP: #235294)
  * debian/apache2.2-common.install:
    - Fix for index.html if it is a dangling symlink when doing an upgrade (LP: #221932)
  * debian/rules
    - Fix for Readme.Debian.gz which was a broken symlink. (LP: #231313)

 -- Chuck Short <email address hidden>  Tue, 27 May 2008 14:32:13 -0400