Format: 1.8 Date: Wed, 02 Nov 2011 17:27:07 -0700 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: powerpc Version: 2.2.14-5ubuntu8.7 Distribution: lucid Urgency: low Maintainer: Ubuntu/powerpc Build Daemon Changed-By: Steve Beattie Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Launchpad-Bugs-Fixed: 871674 877740 Changes: apache2 (2.2.14-5ubuntu8.7) lucid-security; urgency=low . [ Michael Jeanson ] * SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740) - debian/patches/212_CVE-2011-3368.dpatch: return 400 on invalid requests. - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http 0.9 protocol - CVE-2011-3368 . [ Steve Beattie ] * SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674) - debian/patches/213_CVE-2011-3348.dpatch: return HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested - CVE-2011-3348 * SECURITY UPDATE: mpm-itk failure to drop privileges in certain configurations - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge configurations correctly - CVE-2011-1176 * Include additional fixes for regressions introduced by CVE-2011-3192 fixes - debian/patches/215_CVE-2011-3192_regression_part2.dpatch: take upstream fixes for byterange_filter.c through the 2.2.21 release except for the added MaxRanges configuration option along with a fix staged for 2.2.22. Checksums-Sha1: 178358a974223dad0a4bd7e27c4714abff1103d6 290806 apache2.2-common_2.2.14-5ubuntu8.7_powerpc.deb 02460b789867f8f15e0e662096721367d9f2e5ca 2780604 apache2.2-bin_2.2.14-5ubuntu8.7_powerpc.deb aed65f42695a3a42a8074f1da6f97590c3b73572 2372 apache2-mpm-worker_2.2.14-5ubuntu8.7_powerpc.deb 3b1b78927a596624b8112046d9e0d276c72d0ef0 2434 apache2-mpm-prefork_2.2.14-5ubuntu8.7_powerpc.deb 6031dca70bff8dbb85b212db8ced15c450bcb1a5 2402 apache2-mpm-event_2.2.14-5ubuntu8.7_powerpc.deb 25c13aae40c45b7d00decd3649bd95786571523f 2426 apache2-mpm-itk_2.2.14-5ubuntu8.7_powerpc.deb a1fe701f469c293ddc6641582881fef1b31e7d13 166502 apache2-utils_2.2.14-5ubuntu8.7_powerpc.deb 216a1dc8ad22530b6ea0afbdb8567e69af16fb89 95690 apache2-suexec_2.2.14-5ubuntu8.7_powerpc.deb 30bf37629a4c0e38db454978c3174031c3c24ee1 97356 apache2-suexec-custom_2.2.14-5ubuntu8.7_powerpc.deb 9f50f65661a8de457acc25c9e9a72b6e43f143aa 1488 apache2_2.2.14-5ubuntu8.7_powerpc.deb fbf565b4e6030aadedfd55e85b3fffccd0c4baa3 136282 apache2-prefork-dev_2.2.14-5ubuntu8.7_powerpc.deb 5218e6a5d6a3bf7708dd493fae405748b26ea47c 137322 apache2-threaded-dev_2.2.14-5ubuntu8.7_powerpc.deb Checksums-Sha256: aeabaedb6f1b333d90b16a2f7f9793416ca1973d8374d9084efc2c0e8768a714 290806 apache2.2-common_2.2.14-5ubuntu8.7_powerpc.deb 51264073ee4e57ce0f5034768c3603aa6c069864432159ce52c5762a1d409355 2780604 apache2.2-bin_2.2.14-5ubuntu8.7_powerpc.deb b4757a2ca2da7a09da39269f1cafe638066e26f4699a6d30cd2f1632abaf0752 2372 apache2-mpm-worker_2.2.14-5ubuntu8.7_powerpc.deb 15d9956af423d4f05570f900db1004e5169d7bdeb4cf6228809437ac08ec15c7 2434 apache2-mpm-prefork_2.2.14-5ubuntu8.7_powerpc.deb 1d10d4f7a4535826250246dd4bd9024e46bd4912a9c6199930146dc1401afc0b 2402 apache2-mpm-event_2.2.14-5ubuntu8.7_powerpc.deb 27951b748ba5b911dba1aeae066a378bdef6d6e7017892c70238ddbe63c9d7ed 2426 apache2-mpm-itk_2.2.14-5ubuntu8.7_powerpc.deb 95fffae9696a66da2683ab706bfd43af3fbacf23df915f261b78fd25eee518ea 166502 apache2-utils_2.2.14-5ubuntu8.7_powerpc.deb 4a48dbcb8fec607cb009441e8d54ad1e15a8ce363c157abb9da8b5c8e78b43c3 95690 apache2-suexec_2.2.14-5ubuntu8.7_powerpc.deb 9f831927bfb837bba6076ce858d79f336793ec6a78aa266d3897f71eaa314fe2 97356 apache2-suexec-custom_2.2.14-5ubuntu8.7_powerpc.deb 5229aa38568c5f418e9d22a61deffad9b8b0a721fd4814a5bd04cb909feb5eba 1488 apache2_2.2.14-5ubuntu8.7_powerpc.deb 18833c3dfe8240a98b50a4d39acfae255918177eab5cea6f8578fc847bb777a4 136282 apache2-prefork-dev_2.2.14-5ubuntu8.7_powerpc.deb b63c2df9bd88ae468dc6af9e816830559e53c5c055ab32c22b4c0ddeb136d0e1 137322 apache2-threaded-dev_2.2.14-5ubuntu8.7_powerpc.deb Files: 31840b4c44ca0b89065c07262261d14a 290806 httpd optional apache2.2-common_2.2.14-5ubuntu8.7_powerpc.deb f532e2fe66a29511ae9d8404b411165a 2780604 httpd optional apache2.2-bin_2.2.14-5ubuntu8.7_powerpc.deb 25be9666d837c7f29f98162e3f1afcec 2372 httpd optional apache2-mpm-worker_2.2.14-5ubuntu8.7_powerpc.deb 2763b0590f1eaf364cff0b4b81e1341b 2434 httpd optional apache2-mpm-prefork_2.2.14-5ubuntu8.7_powerpc.deb 628ee44f934ea0740bec957a13f3f7a8 2402 httpd optional apache2-mpm-event_2.2.14-5ubuntu8.7_powerpc.deb 08cc72e9c8e940232113fb8602cffe01 2426 httpd extra apache2-mpm-itk_2.2.14-5ubuntu8.7_powerpc.deb 98d7446831759cbddbb2f890ce23ea58 166502 httpd optional apache2-utils_2.2.14-5ubuntu8.7_powerpc.deb a12353d0b8cc7161b9399c89a737e7de 95690 httpd optional apache2-suexec_2.2.14-5ubuntu8.7_powerpc.deb fbe27d286b9e91abdcf0ed94ea767da6 97356 httpd extra apache2-suexec-custom_2.2.14-5ubuntu8.7_powerpc.deb 7462433966220b27168f7bfef9909a3f 1488 httpd optional apache2_2.2.14-5ubuntu8.7_powerpc.deb 45d5f4c0156536fd42610eec39198c35 136282 httpd extra apache2-prefork-dev_2.2.14-5ubuntu8.7_powerpc.deb bb8ae167953f264ac86e3c05021ed8fa 137322 httpd extra apache2-threaded-dev_2.2.14-5ubuntu8.7_powerpc.deb Original-Maintainer: Debian Apache Maintainers Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2