-
apache2 (2.2.22-6ubuntu5.1) raring-security; urgency=low
* SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
- debian/patches/CVE-2013-1862.patch: properly escape items in
modules/mappers/mod_rewrite.c.
- CVE-2013-1862
* SECURITY UPDATE: denial of service via MERGE request
- debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
in modules/dav/main/mod_dav.c.
- CVE-2013-1896
-- Marc Deslauriers <email address hidden> Fri, 12 Jul 2013 08:29:24 -0400
-
apache2 (2.2.22-6ubuntu5) raring; urgency=low
* SECURITY UPDATE: multiple cross-site scripting issues
- debian/patches/CVE-2012-3499_4558.patch: properly escape html in
modules/generators/{mod_info.c,mod_status.c},
modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
- CVE-2012-3499
- CVE-2012-4558
* SECURITY UPDATE: symlink attack in apache2ctl script
- debian/apache2ctl: introduce and use a safer mkdir_chown() function.
- Thanks to Stefan Fritsch for the fix.
- CVE-2013-1048
-- Marc Deslauriers <email address hidden> Fri, 15 Mar 2013 07:59:58 -0400
-
apache2 (2.2.22-6ubuntu4) raring; urgency=low
* Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
* Skip module sanity check between MPMs if cross-building without the
kernel/binfmt support to run our target binaries on the build system.
* Backport several cross fixes from upstream as 086_svn_cross_compiles.
-- Adam Conrad <email address hidden> Wed, 05 Dec 2012 02:21:46 -0700
-
apache2 (2.2.22-6ubuntu3) raring; urgency=low
* SECURITY UPDATE: XSS vulnerability in mod_negotiation
- debian/patches/CVE-2012-2687.patch: escape filenames in
modules/mappers/mod_negotiation.c.
- CVE-2012-2687
* SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
- debian/patches/CVE-2012-4929.patch: backport SSLCompression on|off
directive. Defaults to off as enabling compression enables the CRIME
attack.
- CVE-2012-4929
-- Marc Deslauriers <email address hidden> Thu, 08 Nov 2012 17:56:24 -0500
-
apache2 (2.2.22-6ubuntu2) quantal; urgency=low
* debian/apache2.py
- Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
- Check if this directory exists: /etc/apache2/sites-enabled/
-- Matthieu Baerts (matttbe) <email address hidden> Mon, 16 Jul 2012 10:02:18 +0200