Format: 1.8 Date: Tue, 14 Feb 2012 09:35:36 -0500 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: amd64 Version: 2.2.20-1ubuntu1.2 Distribution: oneiric Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Launchpad-Bugs-Fixed: 811422 Changes: apache2 (2.2.20-1ubuntu1.2) oneiric-security; urgency=low . * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf directive (LP: #811422) - debian/patches/215_CVE-2011-3607.dpatch: validate length in server/util.c. - CVE-2011-3607 * SECURITY UPDATE: another mod_proxy reverse proxy exposure - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c, server/protocol.c. - CVE-2011-4317 * SECURITY UPDATE: denial of service via invalid cookie - debian/patches/217_CVE-2012-0021.dpatch: check name and value in modules/loggers/mod_log_config.c. - CVE-2012-0021 * SECURITY UPDATE: denial of service and possible code execution via type field modification within a scoreboard shared memory segment - debian/patches/218_CVE-2012-0031.dpatch: check type field in server/scoreboard.c. - CVE-2012-0031 * SECURITY UPDATE: cookie disclosure via Bad Request errors - debian/patches/219_CVE-2012-0053.dpatch: check lengths in server/protocol.c. - CVE-2012-0053 Checksums-Sha1: b2352632deebb646d48d01c36f1ff028f7816ca8 229594 apache2.2-common_2.2.20-1ubuntu1.2_amd64.deb 12f49c097d9beb2d33297da0fee36ce4c5d2c567 2737142 apache2.2-bin_2.2.20-1ubuntu1.2_amd64.deb ab2125d13d829393f3df921166573c03120616a5 2294 apache2-mpm-worker_2.2.20-1ubuntu1.2_amd64.deb e659d8e1e07f19c9e55347e1b0b3f575ed9df99e 2402 apache2-mpm-prefork_2.2.20-1ubuntu1.2_amd64.deb 63e6ff00b0f3c7ed2e6675e676542864baab5a7d 2358 apache2-mpm-event_2.2.20-1ubuntu1.2_amd64.deb f6ee712ac69ac8c15fe5201da602cdf074caa2d5 2384 apache2-mpm-itk_2.2.20-1ubuntu1.2_amd64.deb 74fc62ce7d622d462a12d35cbde59b760c03b2ff 86340 apache2-utils_2.2.20-1ubuntu1.2_amd64.deb 2ba915f6416bc8d12f12bc2e4c656533aa562508 15414 apache2-suexec_2.2.20-1ubuntu1.2_amd64.deb c6e180dffe83c6742f69a33ae06ba20e230b1827 17172 apache2-suexec-custom_2.2.20-1ubuntu1.2_amd64.deb 8f3c67737597cd076faa211fc0defd181473eeda 1480 apache2_2.2.20-1ubuntu1.2_amd64.deb 369f6db0de55ef218ba928a864464971b0dec283 138176 apache2-prefork-dev_2.2.20-1ubuntu1.2_amd64.deb 74f2b21afab89551898869dde904e90416f994ff 139300 apache2-threaded-dev_2.2.20-1ubuntu1.2_amd64.deb Checksums-Sha256: f6d36c4fc7d3b38cd30b44a698e1e4540121acf896eb032dba97bf47e4c8659e 229594 apache2.2-common_2.2.20-1ubuntu1.2_amd64.deb 79beb245aa941aae6004ab0c6f166cb8ce8d3c5fff94c3922be10fc79ad44a53 2737142 apache2.2-bin_2.2.20-1ubuntu1.2_amd64.deb 43a4ef021f7055110c16fb4160d0920e837838ba505c444ab6ac65c830aaeb6b 2294 apache2-mpm-worker_2.2.20-1ubuntu1.2_amd64.deb a4ba014c3f94f956d5c9b97c2650f6e3d07b1bd1d42d643187d9db9fa91372ec 2402 apache2-mpm-prefork_2.2.20-1ubuntu1.2_amd64.deb b060cacee1321cde4f520811bfeec08c8daf6484ad7e0534c3d7473ad93fa198 2358 apache2-mpm-event_2.2.20-1ubuntu1.2_amd64.deb 82fcb434292154adcbb87228073037a9fec7cfe73d109715503fac5bf316d8f5 2384 apache2-mpm-itk_2.2.20-1ubuntu1.2_amd64.deb cd285330675a2624f672b6b4757048f78c4d4880ba2d11799b9530acf7494258 86340 apache2-utils_2.2.20-1ubuntu1.2_amd64.deb a3122cd7892736b5e286d83b6ecd06e44dc981d686101f7438d36ef0c2cd85e1 15414 apache2-suexec_2.2.20-1ubuntu1.2_amd64.deb 7c361db5985335b91bf4deb6fb4ad12eb17d1f49a4325e38736145da5f853808 17172 apache2-suexec-custom_2.2.20-1ubuntu1.2_amd64.deb e3daca69aa5f96b3e75568ff64a67bc6c128c6b4dec8c3b794c6c7ed7d1a29c4 1480 apache2_2.2.20-1ubuntu1.2_amd64.deb 01b44b79a18f73356e212712392dbad7f538494675af0a834cdc73862c0a6f1a 138176 apache2-prefork-dev_2.2.20-1ubuntu1.2_amd64.deb 06a5538b18e52b843b33cc172ad7c87f0123a1a87b09a06b484d6775d85965ce 139300 apache2-threaded-dev_2.2.20-1ubuntu1.2_amd64.deb Files: 20fd67685fe4ac1f62e88c6b97ca0fe0 229594 httpd optional apache2.2-common_2.2.20-1ubuntu1.2_amd64.deb e029ab0f010760946bf804bb97df4ab6 2737142 httpd optional apache2.2-bin_2.2.20-1ubuntu1.2_amd64.deb 2dd5cc3d4794a3c2c4b3f75e4b80f1e6 2294 httpd optional apache2-mpm-worker_2.2.20-1ubuntu1.2_amd64.deb 3d60360fc2664963de0474b9c1e537a8 2402 httpd optional apache2-mpm-prefork_2.2.20-1ubuntu1.2_amd64.deb e2f060657b927c4a8b9207c6f056434a 2358 httpd optional apache2-mpm-event_2.2.20-1ubuntu1.2_amd64.deb f22b0c21311dbc4c5587c5d7fa4f19af 2384 httpd extra apache2-mpm-itk_2.2.20-1ubuntu1.2_amd64.deb e91f8d6e4fabbddaa5e1ae3bdf58de9d 86340 httpd optional apache2-utils_2.2.20-1ubuntu1.2_amd64.deb 8edbb32730a291a95a0439883daefcaf 15414 httpd optional apache2-suexec_2.2.20-1ubuntu1.2_amd64.deb 6b724bbab6371c62751394fd390ee425 17172 httpd extra apache2-suexec-custom_2.2.20-1ubuntu1.2_amd64.deb 3ab621f116b211ac4517676c6cd93f6d 1480 httpd optional apache2_2.2.20-1ubuntu1.2_amd64.deb e24c2952e5cc66bd14db11745c2d8192 138176 httpd extra apache2-prefork-dev_2.2.20-1ubuntu1.2_amd64.deb b81208d2616908fc4e0e163d504ea7ca 139300 httpd extra apache2-threaded-dev_2.2.20-1ubuntu1.2_amd64.deb Original-Maintainer: Debian Apache Maintainers Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2