Format: 1.8 Date: Wed, 02 Nov 2011 17:21:04 -0700 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: powerpc Version: 2.2.17-1ubuntu1.4 Distribution: natty Urgency: low Maintainer: Ubuntu/powerpc Build Daemon Changed-By: Steve Beattie Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Launchpad-Bugs-Fixed: 871674 877740 Changes: apache2 (2.2.17-1ubuntu1.4) natty-security; urgency=low . * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740) - debian/patches/212_CVE-2011-3368.dpatch: return 400 on invalid requests. (patch courtesy of Michael Jeanson) - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http 0.9 protocol - CVE-2011-3368 * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674) - debian/patches/213_CVE-2011-3348.dpatch: return HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested - CVE-2011-3348 * SECURITY UPDATE: mpm-itk failure to drop privileges in certain configurations - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge configurations correctly - CVE-2011-1176 * Include additional fixes for regressions introduced by CVE-2011-3192 fixes - debian/patches/084_CVE-2011-3192_regression_part2.dpatch: take upstream fixes for byterange_filter.c through the 2.2.21 release except for the added MaxRanges configuration option along with a fix staged for 2.2.22. Checksums-Sha1: a896fdfbf3d9dc331e8a3f1743aab39b6116c3db 220468 apache2.2-common_2.2.17-1ubuntu1.4_powerpc.deb 9bd5ead27c426d716a636f28f967f050f197324b 2826616 apache2.2-bin_2.2.17-1ubuntu1.4_powerpc.deb 070d499ca9b231827be10f7621015de66206bc6a 2322 apache2-mpm-worker_2.2.17-1ubuntu1.4_powerpc.deb d276e1c010cc3610679cb23b919521e0206ed765 2380 apache2-mpm-prefork_2.2.17-1ubuntu1.4_powerpc.deb af97a6c5520a7dd65f6fab701961d4209091b75c 2350 apache2-mpm-event_2.2.17-1ubuntu1.4_powerpc.deb c8581b915b010127e3014111aa692758e6fc97a1 2374 apache2-mpm-itk_2.2.17-1ubuntu1.4_powerpc.deb fac3a9668d06278d8265714466933beba3db16b7 88864 apache2-utils_2.2.17-1ubuntu1.4_powerpc.deb b1fd3b70789dad8ae79decfa93996a504afa0ecd 20448 apache2-suexec_2.2.17-1ubuntu1.4_powerpc.deb abe64d9e0c4d384a0461c55650216b39019397fa 22142 apache2-suexec-custom_2.2.17-1ubuntu1.4_powerpc.deb 9e6f174d754066b8437abaf1fc92e4e65478a7c8 1486 apache2_2.2.17-1ubuntu1.4_powerpc.deb e37ebb84b934928e98cdd5e17a3a176ab5075ede 136486 apache2-prefork-dev_2.2.17-1ubuntu1.4_powerpc.deb 51f895b1c955ade4122ec7be99da95f0d04bd04c 137524 apache2-threaded-dev_2.2.17-1ubuntu1.4_powerpc.deb Checksums-Sha256: 42b7487a3f80bfa0a03e09e19bdb6d94ada2b5b8e497eeeff26db40dcc045717 220468 apache2.2-common_2.2.17-1ubuntu1.4_powerpc.deb 7bf04d3438d6e9bf9e667e9a0f23a0815f99c6c219ed6420c8d264b8c1b53a26 2826616 apache2.2-bin_2.2.17-1ubuntu1.4_powerpc.deb 47c794dc34bb3463366a477f862454c6afd8d12b06316117f9649f307bfc70e7 2322 apache2-mpm-worker_2.2.17-1ubuntu1.4_powerpc.deb 64a8d81e86ef826d7cd2b651dfbafe2e458adbe0c935f4eeb08e1ff509565395 2380 apache2-mpm-prefork_2.2.17-1ubuntu1.4_powerpc.deb 1e6aa7c6558c6da0726aca8e7a701b2e64be2dd47a6e7d1c6189e3a4bd8487cf 2350 apache2-mpm-event_2.2.17-1ubuntu1.4_powerpc.deb d96eec79e6205161f79cf59237de1aa92fcfadbe43f5ccc18a2ba7e13eeafcad 2374 apache2-mpm-itk_2.2.17-1ubuntu1.4_powerpc.deb 8300b8bce748f84f83ff89b487695835aac32333ccf6f29df687ddcb5eab72de 88864 apache2-utils_2.2.17-1ubuntu1.4_powerpc.deb 2ed001d6932dea99a7c07f7e67c4b6cb4d45ab767fc0d9c9afe780407e55146e 20448 apache2-suexec_2.2.17-1ubuntu1.4_powerpc.deb 76739fd8b1b4631bb660b7988c36117687a2b9f25582a2e435d1d85d64ff31fe 22142 apache2-suexec-custom_2.2.17-1ubuntu1.4_powerpc.deb ac3abeb3ab5bf9358aa79f1bf0da06aa483e5d52ee062d615238cd3f5abe7132 1486 apache2_2.2.17-1ubuntu1.4_powerpc.deb 180755578e6149bbc6e1eac0927d0ad4f2d20d72c22d7e46b5cb7a7bc97064cc 136486 apache2-prefork-dev_2.2.17-1ubuntu1.4_powerpc.deb 136d0f5c9fdf551fdd03530ea5ef4841d9ef6d1eaef41cc07ec61e30a9db8337 137524 apache2-threaded-dev_2.2.17-1ubuntu1.4_powerpc.deb Files: 196c385937439bdf55faa3ef4eb0bd8e 220468 httpd optional apache2.2-common_2.2.17-1ubuntu1.4_powerpc.deb a3aa2f574c5b8f8462eb55862b6bc438 2826616 httpd optional apache2.2-bin_2.2.17-1ubuntu1.4_powerpc.deb 9a5b3aed28a90a5df30c602cdc5e0646 2322 httpd optional apache2-mpm-worker_2.2.17-1ubuntu1.4_powerpc.deb fa35dd203fa40aefaa36c2b3dad8e5ff 2380 httpd optional apache2-mpm-prefork_2.2.17-1ubuntu1.4_powerpc.deb 646aaf1d7a60657154d8abb17e2eb195 2350 httpd optional apache2-mpm-event_2.2.17-1ubuntu1.4_powerpc.deb 7e846b3d2e804545b908c3a94f90887a 2374 httpd extra apache2-mpm-itk_2.2.17-1ubuntu1.4_powerpc.deb fbfe9f198fcdda71f52bd115f2cf211b 88864 httpd optional apache2-utils_2.2.17-1ubuntu1.4_powerpc.deb 74f32bdfaaef466738dffac4a646f5cb 20448 httpd optional apache2-suexec_2.2.17-1ubuntu1.4_powerpc.deb efce325452c13f2fa7472848b486eef9 22142 httpd extra apache2-suexec-custom_2.2.17-1ubuntu1.4_powerpc.deb 6ca0c6627f85b5de2a63abf8112b50a6 1486 httpd optional apache2_2.2.17-1ubuntu1.4_powerpc.deb 096674abb27aa17d57bf48f79ba5b641 136486 httpd extra apache2-prefork-dev_2.2.17-1ubuntu1.4_powerpc.deb 6f3c660c8c03de3a7c6b9a609a3ca242 137524 httpd extra apache2-threaded-dev_2.2.17-1ubuntu1.4_powerpc.deb Original-Maintainer: Debian Apache Maintainers Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2