libapache-mod-ssl 2.8.18-1ubuntu1 source package in Ubuntu

Changelog

libapache-mod-ssl (2.8.18-1ubuntu1) warty-security; urgency=low


  * SECURITY UPDATE: Multiple mod_ssl vulnerabilities.
    - Backport a patch from 2.8.24-1.3.33, resolving an issue where the
      context of the SSLVerifyClient directive is not honoured within a
      <Location> nested in a <VirtualHost>, and is ignored; CAN-2005-2700
    - Backport a patch from 2.8.19-1.3.31, resolving a format string
      vulnerability in the ssl_log functionl; see CAN-2004-0700
    - Backport patches from 2.8.20-1.3.31, resolving a string format
      issues which could result in a remote DoS when the server crashes.
    - Backport another patch from 2.8.20-1.3.31, preventing session
      resumption during a renegotiation to force the client to negotiate a
      new (and acceptable to mod_ssl) cipher suite. Additionally, ensure that
      a correct cipher suite has been negotiated afterwards; CAN-2004-0885

 -- Adam Conrad <email address hidden>  Tue,  6 Sep 2005 16:44:07 +1000