apache2 2.0.55-4ubuntu2.9 source package in Ubuntu
Changelog
apache2 (2.0.55-4ubuntu2.9) dapper-security; urgency=low
* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
Partial fix for CVE-2009-3555. Configurations requiring renegotiation
of per-directory/location access controls are still affected until
OpenSSL is updated.
- debian/patches/115_CVE-2009-3555.patch: disable all client
renegotiations
- based on http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch
- CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
- debian/patches/116-CVE-2009-3094.patch: fix NULL pointer dereference
in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
in EPSV response parser
- based on http://svn.apache.org/viewvc?revision=814652&view=revision
- CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
configured as a reverse proxy
- debian/patches/117-CVE-2009-3095.patch: adjust proxy_ftp_handler()
in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
special characters.
- based on http://svn.apache.org/viewvc?revision=814045&view=revision
- CVE-2009-3095
-- Jamie Strandboge <email address hidden> Thu, 12 Nov 2009 15:45:14 -0600
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Dapper
- Original maintainer:
- Debian Apache Maintainers
- Architectures:
- any
- Section:
- net
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache2_2.0.55.orig.tar.gz | 5.8 MiB | 39bf7b4300f684673e0a33db981255285363565a8813f7fcd61944eb13998208 |
| apache2_2.0.55-4ubuntu2.9.diff.gz | 127.6 KiB | 83940fdbe02185f1f5d48158c17f4852b0974009baae14ff1e530811013ba96d |
| apache2_2.0.55-4ubuntu2.9.dsc | 1.1 KiB | 733e4068872187a89667543474a10bdc6b0ccf197fb72926a4c080de4dffe244 |
Available diffs
Binary packages built by this source
- apache2: No summary available for apache2 in ubuntu dapper.
No description available for apache2 in ubuntu dapper.
- apache2-common: No summary available for apache2-common in ubuntu dapper.
No description available for apache2-common in ubuntu dapper.
- apache2-doc: No summary available for apache2-doc in ubuntu dapper.
No description available for apache2-doc in ubuntu dapper.
- apache2-mpm-perchild: No summary available for apache2-mpm-perchild in ubuntu dapper.
No description available for apache2-
mpm-perchild in ubuntu dapper.
- apache2-mpm-prefork: No summary available for apache2-mpm-prefork in ubuntu dapper.
No description available for apache2-mpm-prefork in ubuntu dapper.
- apache2-mpm-worker: No summary available for apache2-mpm-worker in ubuntu dapper.
No description available for apache2-mpm-worker in ubuntu dapper.
- apache2-prefork-dev: No summary available for apache2-prefork-dev in ubuntu dapper.
No description available for apache2-prefork-dev in ubuntu dapper.
- apache2-threaded-dev: No summary available for apache2-threaded-dev in ubuntu dapper.
No description available for apache2-
threaded- dev in ubuntu dapper.
- apache2-utils: No summary available for apache2-utils in ubuntu dapper.
No description available for apache2-utils in ubuntu dapper.
- libapr0: No summary available for libapr0 in ubuntu dapper.
No description available for libapr0 in ubuntu dapper.
- libapr0-dev: No summary available for libapr0-dev in ubuntu dapper.
No description available for libapr0-dev in ubuntu dapper.
