apache2 2.4.9-1 source package in Debian


apache2 (2.4.9-1) unstable; urgency=medium

  * New upstream version.
    Security fixes:
    - CVE-2013-6438: mod_dav: Fix DoS from crafted DAV WRITE requests.
    - CVE-2014-0098: mod_log_config: Fix segfaults when logging truncated
    Notable new features:
    - Support named groups and backreferences within the LocationMatch,
      DirectoryMatch, FilesMatch and ProxyMatch directives.
    - mod_proxy: Added support for unix domain sockets as the backend server
    - mod_ssl: Add support for OpenSSL configuration commands by introducing
      the SSLOpenSSLConfCmd directive.
    - mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
      mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
      require directives.
    - mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
      and IgnoreInherit.
    - Bugfix in the build system to avoid problems with patched config.m4
      files as in LP #1251939.
  * Make default cipher list in ssl.conf more secure:
    - Remove 'MEDIUM'. This disables RC4 and SEED. Also remove '!MD5' because
      'HIGH' does not include MD5.
    - Remove the 'Speed-optimized SSL Cipher' configuration example because
      it depends on RC4, which is considered insecure.
  * Change init script short description to describe the service, not the
    script.  Closes: #738315
  * Bump Standards-Version (no changes).

 -- Stefan Fritsch <email address hidden>  Sat, 29 Mar 2014 22:50:32 +0100

Upload details

Uploaded by:
Debian Apache Maintainers on 2014-03-30
Uploaded to:
Original maintainer:
Debian Apache Maintainers
any all
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section



File Size SHA-256 Checksum
apache2_2.4.9-1.dsc 3.0 KiB cc06cbf778e4bec58d961f1cc3b238cb06a14e4f757daeed21bd8ab8b7b292dc
apache2_2.4.9.orig.tar.bz2 4.8 MiB f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603
apache2_2.4.9-1.debian.tar.xz 426.0 KiB 21ac07b2c0a1ea56881ca95c48307dbc12dfe44453aef1bad03a4321055586a6

No changes file available.

Binary packages built by this source