Format: 1.8 Date: Wed, 02 Nov 2011 17:27:07 -0700 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: ia64 Version: 2.2.14-5ubuntu8.7 Distribution: lucid Urgency: low Maintainer: Ubuntu/ia64 Build Daemon Changed-By: Steve Beattie Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Launchpad-Bugs-Fixed: 871674 877740 Changes: apache2 (2.2.14-5ubuntu8.7) lucid-security; urgency=low . [ Michael Jeanson ] * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740) - debian/patches/212_CVE-2011-3368.dpatch: return 400 on invalid requests. - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http 0.9 protocol - CVE-2011-3368 . [ Steve Beattie ] * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674) - debian/patches/213_CVE-2011-3348.dpatch: return HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested - CVE-2011-3348 * SECURITY UPDATE: mpm-itk failure to drop privileges in certain configurations - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge configurations correctly - CVE-2011-1176 * Include additional fixes for regressions introduced by CVE-2011-3192 fixes - debian/patches/215_CVE-2011-3192_regression_part2.dpatch: take upstream fixes for byterange_filter.c through the 2.2.21 release except for the added MaxRanges configuration option along with a fix staged for 2.2.22. Checksums-Sha1: 565d661ec249198edf14387fd3df7d0324d08382 290824 apache2.2-common_2.2.14-5ubuntu8.7_ia64.deb 268379b5e193f3fe347846cf0e8727db82cb2e52 3165314 apache2.2-bin_2.2.14-5ubuntu8.7_ia64.deb 900a0e6f3315b1edafec93aa69b96c690361f9cc 2368 apache2-mpm-worker_2.2.14-5ubuntu8.7_ia64.deb 1f7ff99734cb8edbedd7bd9859e9a2a58f2f149f 2428 apache2-mpm-prefork_2.2.14-5ubuntu8.7_ia64.deb d3eebe64b00a37d647d5ae1f117418baec54ded7 2402 apache2-mpm-event_2.2.14-5ubuntu8.7_ia64.deb adb526b9ccd77e9cd18a436ddd35f7b76774319a 2426 apache2-mpm-itk_2.2.14-5ubuntu8.7_ia64.deb ccd29afa5523fbc6daf118ba04fa1b0e6e03882d 176674 apache2-utils_2.2.14-5ubuntu8.7_ia64.deb a49e8a77a14111eff310ba959fb506b82b46267d 97256 apache2-suexec_2.2.14-5ubuntu8.7_ia64.deb 0e7d1338e2f1637d6e16049dcbcecc58c08a4e6b 99044 apache2-suexec-custom_2.2.14-5ubuntu8.7_ia64.deb ba0cbeb650198fc0ecfbdb506820faa1610996c0 1484 apache2_2.2.14-5ubuntu8.7_ia64.deb d92c2aff00fbd218d28871f52657aad47263ddba 136276 apache2-prefork-dev_2.2.14-5ubuntu8.7_ia64.deb 31ee3b62c57d5da8d2d420715e821771ff31c998 137312 apache2-threaded-dev_2.2.14-5ubuntu8.7_ia64.deb Checksums-Sha256: a831a16bb04e671636faeab7999bb4e4fb3f1fffa1c904f5eee57bf299dfba12 290824 apache2.2-common_2.2.14-5ubuntu8.7_ia64.deb bb3536f3f7f6984a402b154b767c178e0768c70470ac85b6a966a98648c785a5 3165314 apache2.2-bin_2.2.14-5ubuntu8.7_ia64.deb ca62003441efa2020eb1a7f3f56727fed6706934e528ab256666f04ede46eb2b 2368 apache2-mpm-worker_2.2.14-5ubuntu8.7_ia64.deb de22bee82943dc8ce3bdf2446feb97eb476f70be5a1cc975b6f6078664bb14f3 2428 apache2-mpm-prefork_2.2.14-5ubuntu8.7_ia64.deb 98df143026d71ee1efc547b0144b7cf17a213a3dbfc59f248a4c52a2c10c0711 2402 apache2-mpm-event_2.2.14-5ubuntu8.7_ia64.deb 8ff366cc947eb8254da4373a014dab51ca68f44a7540aa73d2f42996a9650685 2426 apache2-mpm-itk_2.2.14-5ubuntu8.7_ia64.deb f4888b241c54d9ad86727632ece75deef3a05fe5ef7306eaaadc15733c76de7d 176674 apache2-utils_2.2.14-5ubuntu8.7_ia64.deb d3f6a0e63f7e25dfb33647a49aa02850665eea79ba7aaff5144fb1325572ca3a 97256 apache2-suexec_2.2.14-5ubuntu8.7_ia64.deb 8b663756f8ef01f175e34dce0a950e8cd41919db3fdb45c70e82e1dd1ff7042c 99044 apache2-suexec-custom_2.2.14-5ubuntu8.7_ia64.deb 48cbdc6b93adb891c791ad4b3d4f5c66518f13d8e456eb4f85764bd732926733 1484 apache2_2.2.14-5ubuntu8.7_ia64.deb 6d860337a347fc94ed7e9525660100215c319eced8a05d3b11d7aace075da8b0 136276 apache2-prefork-dev_2.2.14-5ubuntu8.7_ia64.deb 0fc8cbc277f9c6cab0b373380b8c506435cf4c960ea52afea76df09e45f92537 137312 apache2-threaded-dev_2.2.14-5ubuntu8.7_ia64.deb Files: def241b32992300ef4de13bdc5972030 290824 httpd optional apache2.2-common_2.2.14-5ubuntu8.7_ia64.deb e0a100b9743b0811b40c89c1bd7e297e 3165314 httpd optional apache2.2-bin_2.2.14-5ubuntu8.7_ia64.deb d16cacaf6f9eab970ab3d7d247431ac4 2368 httpd optional apache2-mpm-worker_2.2.14-5ubuntu8.7_ia64.deb 48e4021927ade0a78552dd8ec3662ff0 2428 httpd optional apache2-mpm-prefork_2.2.14-5ubuntu8.7_ia64.deb df333532fd304dff01e9b1eeebd0e674 2402 httpd optional apache2-mpm-event_2.2.14-5ubuntu8.7_ia64.deb 829f1d9ec0948b884a7ed53a2428c79b 2426 httpd extra apache2-mpm-itk_2.2.14-5ubuntu8.7_ia64.deb e2bf558f7c134edb4e528d42d14e84b2 176674 httpd optional apache2-utils_2.2.14-5ubuntu8.7_ia64.deb 1179c47e844bd89cf51f6c28fd442ace 97256 httpd optional apache2-suexec_2.2.14-5ubuntu8.7_ia64.deb a5c2a93f8146ec70660921010eafd056 99044 httpd extra apache2-suexec-custom_2.2.14-5ubuntu8.7_ia64.deb 9440cef5d7da5628adda6766caf1db02 1484 httpd optional apache2_2.2.14-5ubuntu8.7_ia64.deb d73b46062d6ba55534338b7f67cba6f1 136276 httpd extra apache2-prefork-dev_2.2.14-5ubuntu8.7_ia64.deb 314dd90991a74441b9d8ab9a37304817 137312 httpd extra apache2-threaded-dev_2.2.14-5ubuntu8.7_ia64.deb Original-Maintainer: Debian Apache Maintainers Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2