-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-02-25 08:59:04 UTC
-
Revision ID:
james.westby@ubuntu.com-20090225085904-kt03py0dp8tkr47t
Tags: 2.0.55-4ubuntu2.4
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
Entity Too Large" error message
- debian/patches/106_CVE-2007-6203.patch: properly escape some error
messages in modules/http/http_protocol.c.
- CVE-2007-6203
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
URLs
- debian/patches/107_CVE-2008-2168.patch: specify a default charset in
modules/dav/main/mod_dav.c and modules/generators/mod_info.c.
- CVE-2008-2168
* SECURITY UPDATE: Denial of service via large number of interim responses in
mod_proxy module (LP: #239894)
- debian/patches/108_CVE-2008-2364.patch: limit the number of interim
responses in modules/proxy/proxy_http.c.
- CVE-2008-2364
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
mod_proxy_ftp module
- debian/patches/109_CVE-2008-2939.patch: escape the html contained in the
wildcard value in modules/proxy/proxy_ftp.c.
- CVE-2008-2939