Changelog
apache2 (2.4.16-1) unstable; urgency=medium

  [ Stefan Fritsch ]
  * New upstream version, fixing the following security issues:
    + CVE-2015-3183: Fix chunk header parsing defect.
    + CVE-2015-3185: ap_some_auth_required() broken in apache 2.4 in an
      unfixable way. Add a new replacement API ap_some_authn_required()
      and ap_force_authn hook.

  [ Jean-Michel Vourgère ]
  * Allow "triggers-awaited" and "triggers-pending" states in addition to
    "installed" when determining whether to defer actions or process
    deferred actions. Thanks Colin Watson. Closes: #787103
  * Allow a2dismod cgi on threaded mpms. Thanks Raul Dias. Closes:
    #733979
  * Remove pre-Jessie transition scripts, and remaining breaks.
  * Made builds reproducible: d/rules set the date from the changelog in
    CPPFLAGS, new reproducible_builds.diff patch to use it.
  * Moved bash_completion from /etc to /usr/share/bash_completion. Added
    links there for dynamic loading.
  * Upgrade security.conf comments to 2.4 auth format. Thanks Werner
    Detter. Closes: #789788
  * apache2.postinst: Fixed tests on deferred mpm switch. Closes:
    #789914

 -- Stefan Fritsch <email address hidden>  Sun, 02 Aug 2015 00:44:07 +0200