Ubuntu

“apache2” 2.2.8-1ubuntu0.23 source package in The Hardy Heron

Publishing history

2.2.8-1ubuntu0.23
SUPERSEDED: Hardy pocket Updates in component main and section web
  • Removed from disk on 2012-11-10.
  • Removal requested on 2012-11-09.
  • Superseded on 2012-11-08 by apache2 - 2.2.8-1ubuntu0.24
  • Published on 2012-02-16
  • Copied from ubuntu hardy in Private PPA for Ubuntu Security Team
2.2.8-1ubuntu0.23
SUPERSEDED: Hardy pocket Security in component main and section web
  • Removed from disk on 2012-11-10.
  • Removal requested on 2012-11-09.
  • Superseded on 2012-11-08 by apache2 - 2.2.8-1ubuntu0.24
  • Published on 2012-02-16
  • Copied from ubuntu hardy in Private PPA for Ubuntu Security Team

Builds

Changelog

apache2 (2.2.8-1ubuntu0.23) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/220_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/221_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/222_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/223_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053
 -- Marc Deslauriers <email address hidden>   Tue, 14 Feb 2012 10:49:11 -0500