apache2 2.2.11-2ubuntu2.5 source package in Ubuntu

Changelog

apache2 (2.2.11-2ubuntu2.5) jaunty-security; urgency=low

  * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
    Partial fix for CVE-2009-3555. Configurations requiring renegotiation
    of per-directory/location access controls are still affected until
    OpenSSL is updated.
    - debian/patches/904_CVE-2009-3555.dpatch: disable all client
      renegotiations
    - CVE-2009-3555
  * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
    - debian/patches/905-CVE-2009-3094.dpatch: fix NULL pointer dereference
      in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
      in EPSV response parser
    - CVE-2009-3094
  * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
    configured as a reverse proxy
    - debian/patches/906-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
      in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
      special characters.
    - CVE-2009-3095
 -- Jamie Strandboge <email address hidden>   Thu, 12 Nov 2009 12:46:19 -0600

Upload details

Uploaded by:
Jamie Strandboge on 2009-11-13
Uploaded to:
Jaunty
Original maintainer:
Ubuntu Development Team
Architectures:
any
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apache2_2.2.11.orig.tar.gz 6.5 MiB 1ba74f9d864d8fbaa41604eba67e51287e7e196b3a4e844e7f3ea7b707dd4c27
apache2_2.2.11-2ubuntu2.5.diff.gz 137.7 KiB 154782a1b6c5285d8ce54965204a3f7140c55a0a8cefd9dfd3b6b54577239f0c
apache2_2.2.11-2ubuntu2.5.dsc 1.8 KiB 5a97dfe5a56bac9ff1e36902d6340643f19fc3030fc3c9ac943256ba05a8ddc9

View changes file

Binary packages built by this source

apache2: No summary available for apache2 in ubuntu jaunty.

No description available for apache2 in ubuntu jaunty.

apache2-doc: No summary available for apache2-doc in ubuntu jaunty.

No description available for apache2-doc in ubuntu jaunty.

apache2-mpm-event: No summary available for apache2-mpm-event in ubuntu jaunty.

No description available for apache2-mpm-event in ubuntu jaunty.

apache2-mpm-prefork: No summary available for apache2-mpm-prefork in ubuntu jaunty.

No description available for apache2-mpm-prefork in ubuntu jaunty.

apache2-mpm-worker: No summary available for apache2-mpm-worker in ubuntu jaunty.

No description available for apache2-mpm-worker in ubuntu jaunty.

apache2-prefork-dev: No summary available for apache2-prefork-dev in ubuntu jaunty.

No description available for apache2-prefork-dev in ubuntu jaunty.

apache2-src: No summary available for apache2-src in ubuntu jaunty.

No description available for apache2-src in ubuntu jaunty.

apache2-suexec: No summary available for apache2-suexec in ubuntu jaunty.

No description available for apache2-suexec in ubuntu jaunty.

apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu jaunty.

No description available for apache2-suexec-custom in ubuntu jaunty.

apache2-threaded-dev: No summary available for apache2-threaded-dev in ubuntu jaunty.

No description available for apache2-threaded-dev in ubuntu jaunty.

apache2-utils: No summary available for apache2-utils in ubuntu jaunty.

No description available for apache2-utils in ubuntu jaunty.

apache2.2-common: No summary available for apache2.2-common in ubuntu jaunty.

No description available for apache2.2-common in ubuntu jaunty.