Change log for apache2 package in Ubuntu

Obsolete in quantal-updates
Obsolete in quantal-security
apache2 (2.2.22-6ubuntu2.4) quantal-security; urgency=medium

  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098
 -- Marc Deslauriers <email address hidden>   Wed, 19 Mar 2014 15:38:47 -0400
Superseded in precise-updates
Superseded in precise-security
apache2 (2.2.22-1ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098
 -- Marc Deslauriers <email address hidden>   Wed, 19 Mar 2014 15:42:46 -0400
Obsolete in saucy-updates
Obsolete in saucy-security
apache2 (2.4.6-2ubuntu2.2) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098
 -- Marc Deslauriers <email address hidden>   Wed, 19 Mar 2014 15:32:18 -0400
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
apache2 (2.4.7-1ubuntu2) trusty; urgency=medium

  * d/index.html: replace Debian with Ubuntu on default page
    (LP: #1288690).
 -- Robie Basak <email address hidden>   Wed, 19 Mar 2014 11:04:21 +0000

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
apache2 (2.4.7-1ubuntu1) trusty; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf,
      d/ask-for-passphrase, d/apache2.install, d/tests/ssl-passphrase:
      Plymouth aware passphrase dialog program ask-for-passphrase.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
      to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
      from upstream
    - Build using lua5.2.
    - d/tests/chroot: dep8 test for ChrootDir case.
    - d/p/ignore-quilt-dir: adjust build system so that it does not use
      files found inside the .pc directory. This stops a double module load
      causing later havoc, including "ChrootDir" directive failure.
  * Drop changes:
    - debian/{control, rules}: Enable PIE hardening: no longer required;
      2.4.7-1 is already hardened.
    - d/p/itk-rerun-configure.patch: no longer needed, as ITK support has moved
      out of this package.
  * d/tests/ssl-passphrase: update for new default path /var/www/html.
  * d/tests/duplicate-module-load: check for duplicate module loads.
 -- Robie Basak <email address hidden>   Tue, 14 Jan 2014 17:23:47 +0000

Superseded in saucy-updates
Deleted in saucy-proposed (Reason: moved to -updates)
apache2 (2.4.6-2ubuntu2.1) saucy; urgency=low

  * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
    that it does not use files found inside the .pc directory. This stops a
    double module load causing later havoc, including "ChrootDir" directive
    failure (LP: #1251939). Thanks to Stefan Fritsch.
  * d/tests/chroot: dep8 test for ChrootDir case.
 -- Robie Basak <email address hidden>   Thu, 28 Nov 2013 17:45:57 +0000
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
apache2 (2.4.6-2ubuntu4) trusty; urgency=low

  * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
    that it does not use files found inside the .pc directory. This stops a
    double module load causing later havoc, including "ChrootDir" directive
    failure (LP: #1251939). Thanks to Stefan Fritsch.
  * d/tests/chroot: dep8 test for ChrootDir case.
 -- Robie Basak <email address hidden>   Thu, 28 Nov 2013 16:21:51 +0000

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
apache2 (2.4.6-2ubuntu3) trusty; urgency=low

  * debian/apache2.install: Correct path for ufw.
    (LP: #1252722)
 -- Chuck Short <email address hidden>   Tue, 19 Nov 2013 08:59:54 -0500

Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
apache2 (2.4.6-2ubuntu2) saucy; urgency=low

  * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
    passphrase prompting for SSL certificates that are passphrase protected.
  * Add dep8 test for SSL passphrase prompting.
 -- Robie Basak <email address hidden>   Fri, 09 Aug 2013 13:08:52 +0000

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
apache2 (2.4.6-2ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - debian/control, debian/config-dir/mods-available/ssl.conf,
      debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
      passphrase dialog program ask-for-passphrase.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
      to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
      from upstream
  * Dropped changes:
    - debian/patches/CVE-2013-1896.patch: upstream
  * Fixed module dependencies (LP: #1205314)
    - debian/config-dir/mods-available/lbmethod_*: properly specify
      proxy_balancer, not mod_proxy_balancer.

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
apache2 (2.4.4-6ubuntu5) saucy; urgency=low

  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896
 -- Marc Deslauriers <email address hidden>   Thu, 18 Jul 2013 11:20:47 -0400

Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
apache2 (2.4.4-6ubuntu4) saucy; urgency=low

  * d/apache2-{utils,bin}.install: move apport hook from apache2-utils to
    apache2-bin. apache2-utils is only suggested by apache2, so may not
    always be installed by bug reporters. However, apache2-bin will always
    need to be installed for Apache to be functional, so this is a better
    place for the apport hook. apache2-bin already Conflicts/Replaces
    apache2.2-common, so this also fixes (LP: #1199318).
  * d/apache2.py: adjust apport hook for new location of configuration
    files in apache2 >= 2.4: they have moved from apache2.2-common to
    apache2.
 -- Robie Basak <email address hidden>   Wed, 17 Jul 2013 17:54:22 +0000
Superseded in saucy-proposed
apache2 (2.4.4-6ubuntu3) saucy; urgency=low

  * Build using lua5.2.
 -- Matthias Klose <email address hidden>   Wed, 17 Jul 2013 14:24:42 +0200

Superseded in lucid-updates
Superseded in lucid-security
apache2 (2.2.14-5ubuntu8.12) lucid-security; urgency=low

  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.dpatch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.dpatch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896
 -- Marc Deslauriers <email address hidden>   Fri, 12 Jul 2013 09:00:34 -0400
Superseded in precise-updates
Superseded in precise-security
apache2 (2.2.22-1ubuntu1.4) precise-security; urgency=low

  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896
 -- Marc Deslauriers <email address hidden>   Fri, 12 Jul 2013 08:58:01 -0400
Superseded in quantal-updates
Superseded in quantal-security
apache2 (2.2.22-6ubuntu2.3) quantal-security; urgency=low

  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896
 -- Marc Deslauriers <email address hidden>   Fri, 12 Jul 2013 08:35:53 -0400
Obsolete in raring-updates
Obsolete in raring-security
apache2 (2.2.22-6ubuntu5.1) raring-security; urgency=low

  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896
 -- Marc Deslauriers <email address hidden>   Fri, 12 Jul 2013 08:29:24 -0400
Superseded in saucy-proposed
apache2 (2.4.4-6ubuntu2) saucy; urgency=low

  * debian/rules: Fix FTBFS while installing ufw.
 -- Chuck Short <email address hidden>   Tue, 02 Jul 2013 10:10:14 -0500

Superseded in saucy-proposed
apache2 (2.4.4-6ubuntu1) saucy; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.
  * Dropped changes:
    - debian/patches/CVE-2012-2687.patch: Dropped no longer needed.
    - debian/patches/CVE-2012-3499_4558.patch: Dropped no longer needed.
    - debian/patches/CVE-2012-4929.patch: Dropped no longer needed.
 -- Chuck Short <email address hidden>   Tue, 02 Jul 2013 08:34:01 -0500
Superseded in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
apache2 (2.2.22-6ubuntu5) raring; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden>   Fri, 15 Mar 2013 07:59:58 -0400
Obsolete in hardy-updates
Obsolete in hardy-security
apache2 (2.2.8-1ubuntu0.25) hardy-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden>   Fri, 08 Mar 2013 11:17:51 -0500
Superseded in lucid-updates
Superseded in lucid-security
apache2 (2.2.14-5ubuntu8.11) lucid-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden>   Fri, 08 Mar 2013 10:47:48 -0500
Obsolete in oneiric-updates
Obsolete in oneiric-security
apache2 (2.2.20-1ubuntu1.4) oneiric-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden>   Fri, 08 Mar 2013 09:56:53 -0500
Superseded in precise-updates
Superseded in precise-security
apache2 (2.2.22-1ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden>   Fri, 08 Mar 2013 09:52:54 -0500
Superseded in quantal-updates
Superseded in quantal-security
apache2 (2.2.22-6ubuntu2.2) quantal-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048
 -- Marc Deslauriers <email address hidden>   Fri, 08 Mar 2013 09:31:43 -0500
Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release)
apache2 (2.2.22-6ubuntu4) raring; urgency=low

  * Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
  * Skip module sanity check between MPMs if cross-building without the
    kernel/binfmt support to run our target binaries on the build system.
  * Backport several cross fixes from upstream as 086_svn_cross_compiles.
 -- Adam Conrad <email address hidden>   Wed, 05 Dec 2012 02:21:46 -0700
Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release)
apache2 (2.2.22-6ubuntu3) raring; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/CVE-2012-2687.patch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
      directive. Defaults to off as enabling compression enables the CRIME
      attack.
    - CVE-2012-4929
 -- Marc Deslauriers <email address hidden>   Thu, 08 Nov 2012 17:56:24 -0500
Superseded in precise-updates
Superseded in precise-security
apache2 (2.2.22-1ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/CVE-2012-2687.patch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
      directive. Defaults to off as enabling compression enables the CRIME
      attack.
    - CVE-2012-4929
 -- Marc Deslauriers <email address hidden>   Tue, 06 Nov 2012 14:30:45 -0500
Superseded in hardy-updates
Superseded in hardy-security
apache2 (2.2.8-1ubuntu0.24) hardy-security; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/224_CVE-2012-2687.dpatch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/225_CVE-2012-4929.dpatch: backport SSLCompression
      on|off directive. Defaults to off as enabling compression enables the
      CRIME attack.
    - CVE-2012-4929
 -- Marc Deslauriers <email address hidden>   Tue, 06 Nov 2012 15:01:07 -0500
Superseded in lucid-updates
Superseded in lucid-security
apache2 (2.2.14-5ubuntu8.10) lucid-security; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/302_CVE-2012-2687.dpatch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/303_CVE-2012-4929.dpatch: backport SSLCompression
      on|off directive. Defaults to off as enabling compression enables the
      CRIME attack.
    - CVE-2012-4929
 -- Marc Deslauriers <email address hidden>   Tue, 06 Nov 2012 14:47:15 -0500
Superseded in oneiric-updates
Superseded in oneiric-security
apache2 (2.2.20-1ubuntu1.3) oneiric-security; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/220_CVE-2012-2687.dpatch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/221_CVE-2012-4929.dpatch: backport SSLCompression
      on|off directive. Defaults to off as enabling compression enables the
      CRIME attack.
    - CVE-2012-4929
 -- Marc Deslauriers <email address hidden>   Tue, 06 Nov 2012 14:32:40 -0500
Superseded in quantal-updates
Superseded in quantal-security
apache2 (2.2.22-6ubuntu2.1) quantal-security; urgency=low

  * SECURITY UPDATE: XSS vulnerability in mod_negotiation
    - debian/patches/CVE-2012-2687.patch: escape filenames in
      modules/mappers/mod_negotiation.c.
    - CVE-2012-2687
  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
      directive. Defaults to off as enabling compression enables the CRIME
      attack.
    - CVE-2012-4929
 -- Marc Deslauriers <email address hidden>   Tue, 06 Nov 2012 14:22:46 -0500
Superseded in raring-release
Obsolete in quantal-release
apache2 (2.2.22-6ubuntu2) quantal; urgency=low

  * debian/apache2.py
   - Update apport hook for python3; thanks to Edward Donovan (LP: #1013171)
   - Check if this directory exists: /etc/apache2/sites-enabled/
 -- Matthieu Baerts (matttbe) <email address hidden>   Mon, 16 Jul 2012 10:02:18 +0200
Deleted in precise-proposed (Reason: Declined SRU (bug #988819))
apache2 (2.2.22-1ubuntu1.1) precise-proposed; urgency=low

  * debian/patches/083_dlopen_search_path: use dlopen() search path to
    enable modules that use multiarch, such as libapache2-modsecurity.
    These modules can now use no path and apache2 will be able to find
    them (LP: #988819).
 -- Robie Basak <email address hidden>   Fri, 08 Jun 2012 15:45:02 +0100
Superseded in quantal-release
apache2 (2.2.22-6ubuntu1) quantal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.
  * Dropped changes:
    - debian/control: Add bzr tag and point it to our tree; this is not
      really required and just increases the delta.

Superseded in lucid-updates
Deleted in lucid-proposed (Reason: moved to -updates)
apache2 (2.2.14-5ubuntu8.9) lucid-proposed; urgency=low

  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix webdav permissions,
    backported from trunk. Thanks to James M. Leady (LP: #540747)
 -- Chuck Short <email address hidden>   Fri, 02 Mar 2012 14:43:08 -0500
Superseded in hardy-updates
Superseded in hardy-security
apache2 (2.2.8-1ubuntu0.23) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/220_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/221_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/222_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/223_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053
 -- Marc Deslauriers <email address hidden>   Tue, 14 Feb 2012 10:49:11 -0500
Superseded in lucid-updates
Superseded in lucid-security
apache2 (2.2.14-5ubuntu8.8) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053
 -- Marc Deslauriers <email address hidden>   Tue, 14 Feb 2012 10:36:43 -0500
Obsolete in maverick-updates
Obsolete in maverick-security
apache2 (2.2.16-1ubuntu3.5) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053
 -- Marc Deslauriers <email address hidden>   Tue, 14 Feb 2012 10:11:29 -0500
Obsolete in natty-updates
Obsolete in natty-security
apache2 (2.2.17-1ubuntu1.5) natty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053
 -- Marc Deslauriers <email address hidden>   Tue, 14 Feb 2012 10:02:26 -0500
Superseded in oneiric-updates
Superseded in oneiric-security
apache2 (2.2.20-1ubuntu1.2) oneiric-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053
 -- Marc Deslauriers <email address hidden>   Tue, 14 Feb 2012 09:35:36 -0500
Superseded in quantal-release
Published in precise-release
apache2 (2.2.22-1ubuntu1) precise; urgency=low

  * Merge from Debian testing.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

Superseded in precise-release
apache2 (2.2.21-5ubuntu1) precise; urgency=low

  * Merge from Debian testing.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

Superseded in precise-release
apache2 (2.2.21-3ubuntu2) precise; urgency=low

  * d/ask-for-passphrase: Flip the logic of this script so that it checks
    first to see if apache is being started from a TTY, and then if not,
    tries plymouth. (LP: #887410)
 -- Clint Byrum <email address hidden>   Tue, 06 Dec 2011 16:49:33 -0800

Superseded in precise-release
apache2 (2.2.21-3ubuntu1) precise; urgency=low

  * Merge from Debian testing.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

Superseded in precise-release
apache2 (2.2.21-2ubuntu2) precise; urgency=low

  * No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
 -- Adam Conrad <email address hidden>   Fri, 02 Dec 2011 17:36:28 -0700

Superseded in oneiric-updates
Superseded in oneiric-security
apache2 (2.2.20-1ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
    - debian/patches/212_CVE-2011-3368.dpatch: return 400
      on invalid requests. (patch courtesy of Michael Jeanson)
    - CVE-2011-3368
  * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
    - debian/patches/213_CVE-2011-3348.dpatch: return
      HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
    - CVE-2011-3348
  * Include additional fixes for regressions introduced by
    CVE-2011-3192 fixes
    - debian/patches/214_CVE-2011-3192_regression.dpatch:
      take upstream fixes for byterange_filter.c through the 2.2.21
      release except for the added MaxRanges configuration option, along
      with a staged fix for the 2.2.22 release.
 -- Steve Beattie <email address hidden>   Mon, 07 Nov 2011 14:01:10 -0800
Superseded in hardy-updates
Superseded in hardy-security
apache2 (2.2.8-1ubuntu0.22) hardy-security; urgency=low

  [ Michael Jeanson ]
  * SECURITY UPDATE: mod_proxy reverse proxy exposure
    * debian/patches/216_CVE-2011-3368.dpatch: return 400
      on invalid requests.
    - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
      0.9 protocol

  [ Steve Beattie ]
  * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
    - debian/patches/213_CVE-2011-3348.dpatch: return
      HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
    - CVE-2011-3348
  * Include additional fixes for regressions introduced by
    CVE-2011-3192 fixes
    - debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
      take upstream fixes for byterange_filter.c through the 2.2.21
      release except for the added MaxRanges configuration option.
 -- Steve Beattie <email address hidden>   Wed, 02 Nov 2011 19:43:46 -0700
Superseded in lucid-updates
Superseded in lucid-security
apache2 (2.2.14-5ubuntu8.7) lucid-security; urgency=low

  [ Michael Jeanson ]
  * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
    - debian/patches/212_CVE-2011-3368.dpatch: return 400
      on invalid requests.
    - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
      0.9 protocol
    - CVE-2011-3368

  [ Steve Beattie ]
  * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
    - debian/patches/213_CVE-2011-3348.dpatch: return
      HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
    - CVE-2011-3348
  * SECURITY UPDATE: mpm-itk failure to drop privileges in certain
    configurations
    - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
      configurations correctly
    - CVE-2011-1176
  * Include additional fixes for regressions introduced by
    CVE-2011-3192 fixes
    - debian/patches/215_CVE-2011-3192_regression_part2.dpatch:
      take upstream fixes for byterange_filter.c through the 2.2.21
      release except for the added MaxRanges configuration option along
      with a fix staged for 2.2.22.
 -- Steve Beattie <email address hidden>   Wed, 02 Nov 2011 17:27:07 -0700
Superseded in maverick-updates
Superseded in maverick-security
apache2 (2.2.16-1ubuntu3.4) maverick-security; urgency=low

  * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
    - debian/patches/212_CVE-2011-3368.dpatch: return 400
      on invalid requests. (patch courtesy of Michael Jeanson)
    - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
      0.9 protocol
    - CVE-2011-3368
  * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
    - debian/patches/213_CVE-2011-3348.dpatch: return
      HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
    - CVE-2011-3348
  * SECURITY UPDATE: mpm-itk failure to drop privileges in certain
    configurations
    - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
      configurations correctly
    - CVE-2011-1176
  * Include additional fixes for regressions introduced by
    CVE-2011-3192 fixes
    - debian/patches/085_CVE-2011-3192_regression_part2.dpatch:
      take upstream fixes for byterange_filter.c through the 2.2.21
      release except for the added MaxRanges configuration option along
      with a fix staged for 2.2.22.
 -- Steve Beattie <email address hidden>   Wed, 02 Nov 2011 17:23:07 -0700
Superseded in natty-updates
Superseded in natty-security
apache2 (2.2.17-1ubuntu1.4) natty-security; urgency=low

  * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
    - debian/patches/212_CVE-2011-3368.dpatch: return 400
      on invalid requests. (patch courtesy of Michael Jeanson)
    - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
      0.9 protocol
    - CVE-2011-3368
  * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
    - debian/patches/213_CVE-2011-3348.dpatch: return
      HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
    - CVE-2011-3348
  * SECURITY UPDATE: mpm-itk failure to drop privileges in certain
    configurations
    - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
      configurations correctly
    - CVE-2011-1176
  * Include additional fixes for regressions introduced by
    CVE-2011-3192 fixes
    - debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
      take upstream fixes for byterange_filter.c through the 2.2.21
      release except for the added MaxRanges configuration option along
      with a fix staged for 2.2.22.
 -- Steve Beattie <email address hidden>   Wed, 02 Nov 2011 17:21:04 -0700
Superseded in precise-release
apache2 (2.2.21-2ubuntu1) precise; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

Superseded in precise-release
Obsolete in oneiric-release
apache2 (2.2.20-1ubuntu1) oneiric; urgency=low

  * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
    Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.
 -- Steve Beattie <email address hidden>   Tue, 06 Sep 2011 01:17:15 -0700
Superseded in lucid-updates
Superseded in lucid-security
apache2 (2.2.14-5ubuntu8.6) lucid-security; urgency=low

  * SECURITY UPDATE: Range header DoS vulnerability
    - debian/patches/207_CVE-2011-3192.dpatch: filter out large
      byte ranges and improve memory efficiency in handling buckets.
      (thanks to Debian and upstream)
    - CVE-2011-3192
  * Include fix for regressions introduced by above patch:
    - debian/patches/208_CVE-2011-3192_regression.dpatch: return 206
      and 416 response codes where appropriate (see Debian bug 639825)
 -- Steve Beattie <email address hidden>   Thu, 01 Sep 2011 01:52:17 -0700
Superseded in hardy-updates
Superseded in hardy-security
apache2 (2.2.8-1ubuntu0.21) hardy-security; urgency=low

  * SECURITY UPDATE: Range header DoS vulnerability
    - debian/patches/214_CVE-2011-3192.dpatch: filter out large
      byte ranges and improve memory efficiency in handling buckets.
      (thanks to Debian and upstream)
    - CVE-2011-3192
  * Include fix for regressions introduced by above patch:
    - debian/patches/084_CVE-2011-3192_regression.dpatch: return 206
      and 416 response codes where appropriate (see Debian bug 639825)
 -- Steve Beattie <email address hidden>   Thu, 01 Sep 2011 01:53:46 -0700
Superseded in maverick-updates
Superseded in maverick-security
apache2 (2.2.16-1ubuntu3.3) maverick-security; urgency=low

  * SECURITY UPDATE: Range header DoS vulnerability
    - debian/patches/084_CVE-2011-3192.dpatch: filter out large
      byte ranges and improve memory efficiency in handling buckets.
      (thanks to Debian and upstream)
    - CVE-2011-3192
  * Include fix for regressions introduced by above patch:
    - debian/patches/085_CVE-2011-3192_regression.dpatch: return 206
      and 416 response codes where appropriate (see Debian bug 639825)
 -- Steve Beattie <email address hidden>   Thu, 01 Sep 2011 01:51:58 -0700
Superseded in natty-updates
Superseded in natty-security
apache2 (2.2.17-1ubuntu1.2) natty-security; urgency=low

  * SECURITY UPDATE: Range header DoS vulnerability
    - debian/patches/083_CVE-2011-3192.dpatch: filter out large
      byte ranges and improve memory efficiency in handling buckets.
      (thanks to Debian and upstream)
    - CVE-2011-3192
  * Include fix for regressions introduced by above patch:
    - debian/patches/084_CVE-2011-3192_regression.dpatch: return 206
      and 416 response codes where appropriate (see Debian bug 639825)
 -- Steve Beattie <email address hidden>   Thu, 01 Sep 2011 01:51:37 -0700
Superseded in oneiric-release
apache2 (2.2.19-1ubuntu1) oneiric; urgency=low

  * Merge from debian unstable (LP: #787013). Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.
 -- Andres Rodriguez <email address hidden>   Mon, 23 May 2011 10:16:09 -0400

Obsolete in dapper-updates
Obsolete in dapper-security
apache2 (2.0.55-4ubuntu2.13) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928
 -- Steve Beattie <email address hidden>   Sun, 22 May 2011 21:17:32 -0700
Superseded in oneiric-release
apache2 (2.2.17-3ubuntu1) oneiric; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

Superseded in oneiric-release
Obsolete in natty-release
apache2 (2.2.17-1ubuntu1) natty; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.
 -- Chuck Short <email address hidden>   Tue, 22 Feb 2011 13:02:08 -0500

Superseded in natty-release
apache2 (2.2.16-6ubuntu3) natty; urgency=low

  * debian/rules: Don't use "-fno-strict-aliasing" since it causes
    apache FTBFS on amd64. (LP: #711293)
 -- Chuck Short <email address hidden>   Tue, 01 Feb 2011 10:19:55 -0500

Superseded in natty-release
apache2 (2.2.16-6ubuntu2) natty; urgency=low

  * debian/rules: Use "-fno-strict-aliasing" to work around a gcc bug.
   (LP: #697105)
 -- Chuck Short <email address hidden>   Tue, 25 Jan 2011 11:14:58 -0500

Superseded in natty-release
apache2 (2.2.16-6ubuntu1) natty; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

Superseded in natty-release
apache2 (2.2.16-4ubuntu2) natty; urgency=low

  [Clint Byrum]
  * Adding plymouth aware passphrase dialog program ask-for-passphrase.
    (LP: #582963)
    + debian/control: apache2.2-common depends on bash for ask-for-passphrase
    + debian/config-dir/mods-available/ssl.conf:
      - SSLPassPhraseDialog now uses exec:/usr/share/apache2/ask-for-passphrase

  [Chuck Short]
  * Add apport hook. (LP: #609177)
    + debian/apache2.py, debian/apache2.2-common.install
 -- Chuck Short <email address hidden>   Mon, 22 Nov 2010 09:43:43 -0500
Superseded in dapper-updates
Superseded in dapper-security
apache2 (2.0.55-4ubuntu2.12) dapper-security; urgency=low

  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/120_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452
  * SECURITY UPDATE: denial of service via memory leak in
    apr_brigade_split_line function.
    - debian/patches/121_CVE-2010-1623.dpatch: properly destroy bucket in
      srclib/apr-util/buckets/apr_brigade.c.
    - CVE-2010-1623
 -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 14:39:06 -0500
Superseded in hardy-updates
Superseded in hardy-security
apache2 (2.2.8-1ubuntu0.19) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/213_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452
 -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 14:25:56 -0500
Obsolete in karmic-updates
Obsolete in karmic-security
apache2 (2.2.12-1ubuntu2.4) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452
 -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 14:02:43 -0500
Superseded in lucid-updates
Superseded in lucid-security
apache2 (2.2.14-5ubuntu8.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_cache and mod_dav.
    - debian/patches/201_CVE-2010-1452.dpatch: fix path handling in
      modules/cache/cache_storage.c and modules/dav/main/util.c.
    - CVE-2010-1452
 -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 13:10:01 -0500
Superseded in maverick-updates
Superseded in maverick-security
apache2 (2.2.16-1ubuntu3.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via memory leak in mod_reqtimeout.
    - debian/patches/204_CVE-2010-1623.dpatch: merge by small buckets to
      prevent high memory usage in modules/filters/mod_reqtimeout.c.
    - CVE-2010-1623
 -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 12:59:47 -0500
Superseded in natty-release
apache2 (2.2.16-4ubuntu1) natty; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree

Superseded in natty-release
apache2 (2.2.16-3ubuntu1) natty; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree.

Superseded in lucid-updates
Deleted in lucid-proposed (Reason: moved to -updates)
apache2 (2.2.14-5ubuntu8.3) lucid-proposed; urgency=low

  * debian/apache2.2-common.postinst: Don't fail if you can load the reqtimeout module.
    (LP: #621837)
  * debian/patches/Backport fix for upstream bug PR 45444: https://issues.apache.org/bugzilla/show_bug.cgi?id=45444. (LP: #609290, #589611, #595116)
 -- Chuck Short <email address hidden>   Mon, 27 Sep 2010 14:06:57 -0400
Superseded in natty-release
Obsolete in maverick-release
apache2 (2.2.16-1ubuntu3) maverick; urgency=low

  * Revert "stty sane" to unbreak apache starting, this will have to be
    fixed a different way. (LP: #626723)
 -- Chuck Short <email address hidden>   Wed, 08 Sep 2010 08:33:17 -0400

Superseded in maverick-release
apache2 (2.2.16-1ubuntu2) maverick; urgency=low

  * debian/apache2.2-common.apache2.init: Add stty sane so that users will get a
    password prompt when using apache-ssl. (LP: #582963)
 -- Chuck Short <email address hidden>   Wed, 25 Aug 2010 09:25:05 -0400
