-
apache2 (2.0.53-5ubuntu5.6) hoary-security; urgency=low
* SECURITY UPDATE: Remote DoS, potential remote code execution.
* Add debian/patches/053_mod_rewite_CVE-2006-3747:
- Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
- Reported by Mark Dowd of McAfee Avert Labs.
- CVE-2006-3747
-- Martin Pitt <email address hidden> Wed, 26 Jul 2006 07:20:37 +0000
-
apache2 (2.0.53-5ubuntu5.5) hoary-security; urgency=low
* SECURITY UPDATE: Remote DoS and Cross-Site Scripting vulnerability.
- Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
- Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
threaded MPMs when making a non-SSL connection to an SSL-enabled port
on a server with a custom 400 error document defined; see CVE-2005-3357
-- Adam Conrad <email address hidden> Sun, 8 Jan 2006 00:01:38 +1100
-
apache2 (2.0.53-5ubuntu5.4) hoary-security; urgency=low
* SECURITY UPDATE: Memory exhaustion denial of service in apache2-mpm-worker
- Apply 048_worker_memleak_CAN-2005-2970 to resolves a memory leak in
the worker MPM that can occur after aborted connections; CAN-2005-2970
-- Adam Conrad <email address hidden> Tue, 6 Dec 2005 02:18:35 +1100
-
apache2 (2.0.53-5ubuntu5) hoary; urgency=low
* Fix the init script to not exit with an error when asked to
stop a daemon that isn't running (Was the root cause of #8374)
-- Adam Conrad <adconrad@0c3.net> Fri, 1 Apr 2005 16:30:56 +0000
