apache2 2.2.9-10+lenny12 source package in Debian
Changelog
apache2 (2.2.9-10+lenny12) lenny-security; urgency=high
* Prevent unintended pattern expansion in some reverse proxy
configurations by strictly validating the request-URI. Fixes
CVE-2011-3368, CVE-2011-3639, CVE-2011-4317.
* CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local
privilege escalation.
* CVE-2012-0031: Fix client process being able to crash parent process
during shutdown.
* CVE-2012-0053: Fix an issue in code 400 error responses that could expose
"httpOnly" cookies.
-- Stefan Fritsch <email address hidden> Sun, 05 Feb 2012 21:56:02 +0100
Upload details
- Uploaded by:
- Debian Apache Maintainers
- Uploaded to:
- Lenny
- Original maintainer:
- Debian Apache Maintainers
- Architectures:
- any
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Lenny | release | main | web |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache2_2.2.9-10+lenny12.dsc | 1.7 KiB | 0414eca4a7aaa05d272473045e24d98eb87427ca6dd8c0648dfc8867876e21e2 |
| apache2_2.2.9.orig.tar.gz | 6.1 MiB | 74c92f9905a809fb18822f0d98e45712bb17495cefaf2b5315c2ce15840a04a2 |
| apache2_2.2.9-10+lenny12.diff.gz | 157.3 KiB | 67b5d1add22e1f74704888d4852079dd681de348004695d42801b7aeee1887cd |
No changes file available.
