apache2 2.2.22-13+deb7u4 source package in Debian

Changelog

apache2 (2.2.22-13+deb7u4) wheezy; urgency=medium


  * CVE-2013-5704: Fix handling of chunk trailers. A remote attacker could
    use this flaw to bypass intended mod_headers restrictions, allowing
    them to send requests to applications that include headers that should
    have been removed by mod_headers.
    The new behavior is to not merge trailers into the headers autmatically.
    A new directive "MergeTrailers" is introduced to restore the old
    behavior.
  * Fix hostname comparison with SNI to be case insensitive. Closes: #771199
  * Fix valule of SSL_CLIENT_S_DN_UID in mod_ssl (broken in 2.2.15).
    Closes: #773841
  * Add paragraph about session ticket key life-time and forward secrecy to
    README.Debian. Closes: #762619

 -- Stefan Fritsch <email address hidden>  Tue, 23 Dec 2014 23:44:24 +0100

Upload details

Uploaded by:
Debian Apache Maintainers on 2015-01-10
Uploaded to:
Wheezy
Original maintainer:
Debian Apache Maintainers
Architectures:
any all
Section:
httpd
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
apache2_2.2.22-13+deb7u4.dsc 2.8 KiB 256e8d59f1d5f71cdbc2642003333b77aa0039b24c817584bee0e7e4eb4c400d
apache2_2.2.22.orig.tar.gz 6.9 MiB 74c1ffffefe1a502339b004ad6488fbd858eb425a05968cd67c05695dbc0fe7c
apache2_2.2.22-13+deb7u4.debian.tar.gz 212.9 KiB c4dbf8b4e8b62ae4bb59bce73de99b0cc84d337e516ee300936db6184c921c78

No changes file available.

Binary packages built by this source