Format: 1.7
Date: Tue, 14 Feb 2012 10:49:11 -0500
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-perchild apache2-utils apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: ia64
Version: 2.2.8-1ubuntu0.23
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/ia64 Build Daemon <buildd@floe.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 apache2    - Next generation, scalable, extendable web server
 apache2-dbg - Apache debugging symbols
 apache2-doc - documentation for apache2
 apache2-mpm-event - Event driven model for Apache HTTPD
 apache2-mpm-perchild - Transitional package - please remove
 apache2-mpm-prefork - Traditional model for Apache HTTPD
 apache2-mpm-worker - High speed threaded model for Apache HTTPD
 apache2-prefork-dev - development headers for apache2
 apache2-src - Apache source code
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 apache2.2-common - Next generation, scalable, extendable web server
Launchpad-Bugs-Fixed: 811422
Changes: 
 apache2 (2.2.8-1ubuntu0.23) hardy-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
     directive (LP: #811422)
     - debian/patches/220_CVE-2011-3607.dpatch: validate length in
       server/util.c.
     - CVE-2011-3607
   * SECURITY UPDATE: another mod_proxy reverse proxy exposure
     - debian/patches/221_CVE-2011-4317.dpatch: validate additional URIs in
       modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
       server/protocol.c.
     - CVE-2011-4317
   * SECURITY UPDATE: denial of service and possible code execution via
     type field modification within a scoreboard shared memory segment
     - debian/patches/222_CVE-2012-0031.dpatch: check type field in
       server/scoreboard.c.
     - CVE-2012-0031
   * SECURITY UPDATE: cookie disclosure via Bad Request errors
     - debian/patches/223_CVE-2012-0053.dpatch: check lengths in
       server/protocol.c.
     - CVE-2012-0053
Files: 
 7ea80e2d483574038264c3f8561bea24 1034306 web optional apache2.2-common_2.2.8-1ubuntu0.23_ia64.deb
 d6853b6c99959a1fefbf0a5956005cdc 311758 web optional apache2-mpm-worker_2.2.8-1ubuntu0.23_ia64.deb
 c6c7b0dfe91f93ab621a4d9d83dc2d68 305278 web optional apache2-mpm-prefork_2.2.8-1ubuntu0.23_ia64.deb
 e35e4427f2a50a8209bd13b68466e20b 312574 web optional apache2-mpm-event_2.2.8-1ubuntu0.23_ia64.deb
 46a3951f32b1654415a51bb265f131fd 160460 web optional apache2-utils_2.2.8-1ubuntu0.23_ia64.deb
 87b5cb6e07973df531464a53c7031cd3 206896 devel extra apache2-prefork-dev_2.2.8-1ubuntu0.23_ia64.deb
 b751b2b1bbce029ffa45e8c5c9301daa 207676 devel extra apache2-threaded-dev_2.2.8-1ubuntu0.23_ia64.deb
Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>