Format: 1.8 Date: Thu, 12 Nov 2009 12:12:56 -0600 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: lpia Version: 2.2.12-1ubuntu2.1 Distribution: karmic Urgency: low Maintainer: Ubuntu/lpia Build Daemon Changed-By: Jamie Strandboge Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Changes: apache2 (2.2.12-1ubuntu2.1) karmic-security; urgency=low . * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations. Partial fix for CVE-2009-3555. Configurations requiring renegotiation of per-directory/location access controls are still affected until OpenSSL is updated. - debian/patches/900_CVE-2009-3555.dpatch: disable all client renegotiations - CVE-2009-3555 * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module - debian/patches/901-CVE-2009-3094.dpatch: fix NULL pointer dereference in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread in EPSV response parser - CVE-2009-3094 * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when configured as a reverse proxy - debian/patches/902-CVE-2009-3095.dpatch: adjust proxy_ftp_handler() in mod_proxy_ftp.c to fail if the decoded Basic credentials contain special characters. - CVE-2009-3095 Checksums-Sha1: 56a75d6bd50184db125f271bd272c8a442f4d668 1290606 apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb f68541691c0df1ad544311dd04246615bb1ff1c3 155090 apache2-utils_2.2.12-1ubuntu2.1_lpia.deb 060943a566600a247c84a757bee2a3827c5d1428 90312 apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb 3bfed0df9d87a76bf7b8fc8aaed2479f7b33412a 91830 apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb 5260749b28c9dafe499a97cb50f79aaa0f6ba5db 137088 apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb 89c4fdd24eb0a255efd09860f1d084159de4f397 138192 apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb Checksums-Sha256: 19e088828318272e1ed7367c5e9c4807f3917c453c3ff9b8c0cde20272adf97b 1290606 apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb a492fd4be4ded4ce4fd1f6c6a3d2adc1ba757476bf7e67604ab6603ea90e11a4 155090 apache2-utils_2.2.12-1ubuntu2.1_lpia.deb 595bef6493622ec8b006214fb57eddf3810f8fcb92b3e0f8cd1b3651c843978c 90312 apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb f39ddf742f01c2373f5c0bd044cd121b6d58d0713c48566171efd538b397389b 91830 apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb 66a53eac09163ead4653469d133960f9547c2793d328945183f8061aa23e62ea 137088 apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb 5d2062f3f15dde45a7fdef32e36b4786d445df8e21e2bd92c0e1d56ce5c0b2cb 138192 apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb Files: 4c51de07f5a6fe9612de45369e6f35a5 1290606 httpd optional apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb af8272dc794250c30cd2f66b82486dc2 155090 httpd optional apache2-utils_2.2.12-1ubuntu2.1_lpia.deb 9e68bd8111503135a4eae7265b0084ae 90312 httpd optional apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb 06866386df811127f4fd71d6fb2a9e2a 91830 httpd extra apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb 571e9f0370b5687acff25f71c4efe33e 137088 httpd extra apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb 816a6e033f02114553bbb3627b9c6f9c 138192 httpd extra apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb Original-Maintainer: Debian Apache Maintainers