Comment 3 for bug 460692

This bug was fixed in the package apache2 - 2.2.14-2ubuntu1

---------------
apache2 (2.2.14-2ubuntu1) lucid; urgency=low

  * Merge from debian testing, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/conrol: Add bzr tag and point it to our tree.
    - removed debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: it was
      already dropped from 00list, so just remove the patch entirely

apache2 (2.2.14-2) unstable; urgency=medium

  * Security:
    Reject any client-initiated SSL/TLS renegotiations. This is a partial fix
    for the TLS renegotiation prefix injection attack (CVE-2009-3555).
    Any configuration which requires renegotiation for per-directory/location
    access control is still vulnerable.
  * Allow RemoveType to override the types from /etc/mime.types. This allows
    to use .es and .tr for Spanish and Turkish files in mod_negotiation.
    Closes: #496080
  * Fix 'CacheEnable disk http://'. Closes: #442266
  * Fix missing dependency by changing killall to pkill in the init script.
    LP: #460692
  * Add X-Interactive header to init script as it may ask for the ssl key
    passphrase. Closes: #554824
  * Move httxt2dbm man page into apache2.2-bin, which includes httxt2dbm, too.
  * Enable keepalive for MSIE 7 and newer in default-ssl site and README.Debian
 -- Jamie Strandboge <email address hidden> Thu, 12 Nov 2009 16:09:30 -0600