Viewing all changes in revision 14.
- Committer: Package Import Robot
- Date: 2015-05-23 23:33:30 UTC
- Revision ID: package-import@ubuntu.com-20150523233330-x6l90n6cdl6o62z6
* Team upload.
* Add CVE-2014-8111.patch. (Closes: #783233)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount
rule could be ignored. This could allow a remote attacker to potentially
access a private artifact in a tree that would otherwise not be accessible
to them.
- Add option to control handling of multiple adjacent slashes in mount and
unmount. New default is collapsing the slashes only in unmount. Before
this change, adjacent slashes were never collapsed, so most mounts and
unmounts didn't match for URLs with multiple adjacent slashes.
- Configuration is done via new JkOption for Apache (values
"CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount").
* Add CVE-2014-8111.patch. (Closes: #783233)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount
rule could be ignored. This could allow a remote attacker to potentially
access a private artifact in a tree that would otherwise not be accessible
to them.
- Add option to control handling of multiple adjacent slashes in mount and
unmount. New default is collapsing the slashes only in unmount. Before
this change, adjacent slashes were never collapsed, so most mounts and
unmounts didn't match for URLs with multiple adjacent slashes.
- Configuration is done via new JkOption for Apache (values
"CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount").
- files added:
- .pc/.quilt_patches
- .pc/CVE-2014-8111.patch
- .pc/CVE-2014-8111.patch/native
- .pc/CVE-2014-8111.patch/native/apache-1.3
- .pc/CVE-2014-8111.patch/native/apache-2.0
- .pc/CVE-2014-8111.patch/native/common
- .pc/CVE-2014-8111.patch/native/iis
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
