apache2 2.0.55-4ubuntu2.9 source package in Ubuntu

Changelog

apache2 (2.0.55-4ubuntu2.9) dapper-security; urgency=low

  * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
    Partial fix for CVE-2009-3555. Configurations requiring renegotiation
    of per-directory/location access controls are still affected until
    OpenSSL is updated.
    - debian/patches/115_CVE-2009-3555.patch: disable all client
      renegotiations
    - based on http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch
    - CVE-2009-3555
  * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
    - debian/patches/116-CVE-2009-3094.patch: fix NULL pointer dereference
      in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
      in EPSV response parser
    - based on http://svn.apache.org/viewvc?revision=814652&view=revision
    - CVE-2009-3094
  * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
    configured as a reverse proxy
    - debian/patches/117-CVE-2009-3095.patch: adjust proxy_ftp_handler()
      in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
      special characters.
    - based on http://svn.apache.org/viewvc?revision=814045&view=revision
    - CVE-2009-3095
 -- Jamie Strandboge <email address hidden>   Thu, 12 Nov 2009 15:45:14 -0600

Upload details

Uploaded by: Jamie Strandboge on 2009-11-12
Uploaded to: Dapper
Original maintainer: Debian Apache Maintainers
Architectures: any
Section: net
Urgency: Low Urgency

Downloads

File Size SHA-256 Checksum
apache2_2.0.55.orig.tar.gz 5.8 MiB 39bf7b4300f684673e0a33db981255285363565a8813f7fcd61944eb13998208
apache2_2.0.55-4ubuntu2.9.diff.gz 127.6 KiB 83940fdbe02185f1f5d48158c17f4852b0974009baae14ff1e530811013ba96d
apache2_2.0.55-4ubuntu2.9.dsc 1.1 KiB 733e4068872187a89667543474a10bdc6b0ccf197fb72926a4c080de4dffe244

Binary packages built by this source

apache2
apache2-common
apache2-doc
apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-worker
apache2-prefork-dev
apache2-threaded-dev
apache2-utils
libapr0
libapr0-dev