Ubuntu
apache2 package

Change logs for apache2 source package in Raring

  1. Raring (13.04)
  2. Change log 
  • apache2 (2.2.22-6ubuntu5.1) raring-security; urgency=low

  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896
 -- Marc Deslauriers <email address hidden>   Fri, 12 Jul 2013 08:29:24 -0400
  • apache2 (2.2.22-6ubuntu5) raring; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden>   Fri, 15 Mar 2013 07:59:58 -0400
  • apache2 (2.2.22-6ubuntu4) raring; urgency=low

  * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
  * Skip module sanity check between MPMs if cross-building without the
    kernel/binfmt support to run our target binaries on the build system.
  * Backport several cross fixes from upstream as 086_svn_cross_compiles.
 -- Adam Conrad <email address hidden>   Wed, 05 Dec 2012 02:21:46 -0700
  • apache2 (2.2.22-6ubuntu3) raring; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/CVE-2012-2687.patch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
      directive. Defaults to off as enabling compression enables the CRIME
      attack.
    - CVE-2012-4929
 -- Marc Deslauriers <email address hidden>   Thu, 08 Nov 2012 17:56:24 -0500
  • apache2 (2.2.22-6ubuntu2) quantal; urgency=low

  * debian/apache2.py
   - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
   - Check if this directory exists: /etc/apache2/sites-enabled/
 -- Matthieu Baerts (matttbe) <email address hidden>   Mon, 16 Jul 2012 10:02:18 +0200