diff -u passenger-2.2.11debian/debian/changelog passenger-2.2.11debian/debian/changelog
--- passenger-2.2.11debian/debian/changelog
+++ passenger-2.2.11debian/debian/changelog
@@ -1,3 +1,13 @@
+passenger (2.2.11debian-2+deb6u1ubuntu12.04.2) precise-security; urgency=medium
+
+ * REGRESSION UPDATE: Fix for regression introduced in previous
+ CVE-2015-7519 fix. All HTTP headers were dropped from the
+ request which broke all applications. Backport the upstream
+ fix from commit c04590871ca0878d4d3ac1220c5a554b049056b4 for
+ Apache2 only (LP: #1575220)
+
+ -- Trent Lloyd Tue, 05 Jul 2016 00:42:47 +0800
+
 passenger (2.2.11debian-2+deb6u1ubuntu12.04.1) precise-security; urgency=medium
 
 * fake sync from Debian
diff -u passenger-2.2.11debian/ext/apache2/Hooks.cpp passenger-2.2.11debian/ext/apache2/Hooks.cpp
--- passenger-2.2.11debian/ext/apache2/Hooks.cpp
+++ passenger-2.2.11debian/ext/apache2/Hooks.cpp
@@ -779,37 +779,25 @@
 char *lookupEnv(request_rec *r, const char *name) {
 return lookupName(r->subprocess_env, name);
 }
-
- static bool
- isAlphaNum(char ch) {
- return (ch >= '0' && ch <= '9') || (ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z');
- }
-
- /**
- * For CGI, alphanum headers with optional dashes are mapped to UPP3R_CAS3. This
- * function can be used to reject non-alphanum/dash headers that would end up with
- * the same mapping (e.g. upp3r_cas3 and upp3r-cas3 would end up the same, and
- * potentially collide each other in the receiving application). This is
- * used to fix CVE-2015-7519.
- */
- static bool
- containsNonAlphaNumDash(const char *s) {
- size_t len = strlen(s);
- for (size_t i = 0; i < len; i++) {
- const char start = s[i];
- if (start != '-' && !isAlphaNum(start)) {
- return true;
- }
- }
- return false;
- }
 
 void inline addHeader(apr_table_t *table, const char *name, const char *value) {
- if (name != NULL && value != NULL && !containsNonAlphaNumDash(name)) {
+ if (name != NULL && value != NULL) {
 apr_table_addn(table, name, value);
 }
 }
 
+ // Renamed upstream function contains_non_alphanumdash from commit c04590871ca0878d4d3ac1220c5a554b049056b4
+ // because the return values were confusingly opposite to what the name suggested. Used for CVE-2015-7519 fix.
+ bool contains_alphanumdash_only(const char *current) {
+ while (*current != '\0') {
+ if (!apr_isalnum(*current) && *current != '-') {
+ return false;
+ }
+ current++;
+ }
+ return true;
+ }
+
 apr_status_t sendHeaders(request_rec *r, DirConfig *config, Application::SessionPtr &session, const char *baseURI) {
 apr_table_t *headers;
 headers = apr_table_make(r->pool, 40);
@@ -871,7 +859,7 @@
 hdrs_arr = apr_table_elts(r->headers_in);
 hdrs = (apr_table_entry_t *) hdrs_arr->elts;
 for (i = 0; i < hdrs_arr->nelts; ++i) {
- if (hdrs[i].key) {
+ if (hdrs[i].key && contains_alphanumdash_only(hdrs[i].key)) {
 addHeader(headers, http2env(r->pool, hdrs[i].key), hdrs[i].val);
 }
 }
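Review bot: The comment added above `contains_alphanumdash_only` records only the rename, while the doc comment removed in the same hunk was what explained why header names are filtered at all. I would carry that reasoning over, e.g. `// Returns true only if the name consists of [A-Za-z0-9-]; names such as upp3r_cas3 and upp3r-cas3 map to the same CGI variable and could collide in the application (CVE-2015-7519).` The comment should also say that `current` must be non-NULL, since the function dereferences it immediately. It is also worth noting that `apr_isalnum` presumably wraps the C library's locale-dependent `isalnum`, where the removed `isAlphaNum` compared ASCII ranges explicitly, so the filter assumes the C locale.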
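Review bot: A header that fails `contains_alphanumdash_only(hdrs[i].key)` is skipped without any trace, so the application simply sees the header as missing and nothing in the logs explains why. A debug-level message in an `else` branch here, such as `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Passenger: dropped request header with a non-alphanumeric/dash name");`, would help operators whose clients send such names and anyone reviewing logs for header-collision attempts. Because `addHeader` no longer filters after the first hunk, this loop is the only place in the diff that enforces the CVE-2015-7519 rule. Any other path that copies client-supplied header names into `headers` would need the same check, which cannot be confirmed here because `sendHeaders` continues outside the hunk. Given that the previous fix dropped every header, a regression test covering one dash-only name and one name with an underscore would be worth adding alongside this change.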