apache2 2.4.10-1 source package in Debian


apache2 (2.4.10-1) unstable; urgency=medium

  [ Arno Töll ]
  * New upstream version
    + Refresh debian/patches/fhs_compliance.patch
    + Security Fixes:
      - CVE-2014-0117 mod_proxy: Fix DoS that could cause a crash
      - CVE-2014-0226 Fix a race condition resulting in a heap overflow in
        scoreboard handling
      - CVE-2014-0118 mod_deflate: The DEFLATE input filter now limits the
        length and compression ratio of inflated request to mitigate a
        possible DoS
      - CVE-2014-0231 mod_cgid: Fix a denial of service against CGI scripts
    + Fixes SNI with certificate defined in global scope. (Closes: #751361)
  * Warn users if they try to disable modules that we consider essential for
    operation of the Apache web server (Closes: #709461)
  * Drop libcap from our build-dependencies. That was needed for itk which we
    gave source out to it's own package again.
  * Provide apache2.2-common package to avoid upgrading problems for people
    using --purge (apt) or --purge-unused (aptitude) even though that's
    clearly discouraged. This caused disappearing of conffiles because we move
    them from apache2.2-common to apache2 during the upgrade. Ugh. This was
    not a bug in our packaging, but an unfortunately people blame us
    nonetheless even though it's not all our fault. This alternative helps
    those people, but at the same time means that incompatible modules aren't
    force-removed by dpkg during the upgrade. Hopefully we catch all of them
    with the Breaks relation coming along (Closes: #716880, #752922, #711925)

 -- Stefan Fritsch <email address hidden>  Tue, 22 Jul 2014 23:16:20 +0200

Upload details

Uploaded by:
Debian Apache Maintainers on 2014-07-23
Uploaded to:
Original maintainer:
Debian Apache Maintainers
any all
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section



File Size SHA-256 Checksum
apache2_2.4.10-1.dsc 3.1 KiB 04485d83cb0440707d078163a544b676dc4df5918638cc30567f8cb19588b560
apache2_2.4.10.orig.tar.bz2 4.8 MiB 176c4dac1a745f07b7b91e7f4fd48f9c48049fa6f088efe758d61d9738669c6a
apache2_2.4.10-1.debian.tar.xz 428.0 KiB c054bfe4cb4b72bc0423188b428041272c039a86455d84a55801c0e723c88a3b

No changes file available.

Binary packages built by this source