Changelog
apache2 (2.2.22-13+deb7u2) wheezy; urgency=medium
* Backport support for SSL ECC keys and ECDH ciphers.
Bump build-dependency for libssl-dev to 1.0.1e-2+deb7u8 to get the
compatibility fix for older Safari browsers. Apache2 will still
run with older libssl-1.0.0 but without the compatibility fix.
In case of problems, see README.Debian.
* CVE-2013-6438: mod_dav: Fix potential denial of service from
specifically crafted DAV WRITE requests.
* mod_log_config: Fix a bug that cookies whose values contain '=' would
only be logged partially. This is related to CVE-2014-0098, but Apache
2.2.22 is not vulnerable to this issue.
* mod_proxy: Fix crashes under high load with threaded mpms.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50335
-- Stefan Fritsch <email address hidden> Sun, 25 May 2014 17:35:34 +0200