Format: 1.7
Date: Thu, 12 Nov 2009 15:45:14 -0600
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: i386 all
Version: 2.0.55-4ubuntu2.9
Distribution: dapper
Urgency: low
Maintainer: Ubuntu/i386 Build Daemon
Changed-By: Jamie Strandboge
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0 - the Apache Portable Runtime
 libapr0-dev - development headers for libapr
Changes:
 apache2 (2.0.55-4ubuntu2.9) dapper-security; urgency=low
 .
   * SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations. Partial
     fix for CVE-2009-3555. Configurations requiring renegotiation of
     per-directory/location access controls are still affected until OpenSSL
     is updated.
     - debian/patches/115_CVE-2009-3555.patch: disable all client
       renegotiations
     - based on
       http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch
     - CVE-2009-3555
   * SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
     - debian/patches/116-CVE-2009-3094.patch: fix NULL pointer dereference
       in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread in
       EPSV response parser
     - based on http://svn.apache.org/viewvc?revision=814652&view=revision
     - CVE-2009-3094
   * SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
     configured as a reverse proxy
     - debian/patches/117-CVE-2009-3095.patch: adjust proxy_ftp_handler() in
       mod_proxy_ftp.c to fail if the decoded Basic credentials contain
       special characters.
     - based on http://svn.apache.org/viewvc?revision=814045&view=revision
     - CVE-2009-3095
Files:
 643115e9135b9bf626f3a65cfc5f2ed3 2125884 doc optional apache2-doc_2.0.55-4ubuntu2.9_all.deb
 67b1855dc984e5296ac9580e2a2f0a0c 787870 net optional apache2-common_2.0.55-4ubuntu2.9_i386.deb
 d5d602c75a28873f1cd7523857e0dd80 93410 net optional apache2-utils_2.0.55-4ubuntu2.9_i386.deb
 c487929bbf45b5a4dc3d035d86f7b3a0 203580 net optional apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb
 edf40b0ff5c1824b2d6232da247ce480 204122 net optional apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb
 6267a56fcef78f6300372810ce36ea41 200060 net optional apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb
 bae257127c3d137e407a7db744f3d57a 172876 devel optional apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb
 9dd0e108ab4d3382799b29d901bf4502 173660 devel optional apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb
 e70b7f81859cb92e0c50084e92216526 133484 net optional libapr0_2.0.55-4ubuntu2.9_i386.deb
 43fa2ae3b43c4743c98c45ac22fb0250 263066 libdevel optional libapr0-dev_2.0.55-4ubuntu2.9_i386.deb
 22049e1ea8ea88259ff3f6e94482cfb3 37508 web optional apache2_2.0.55-4ubuntu2.9_i386.deb