~ubuntu-branches/ubuntu/edgy/apache2/edgy-updates : files for revision 13

~ubuntu-branches/ubuntu/edgy/apache2/edgy-updates : (Revision 13)

Committer: Bazaar Package Importer
Author(s): Jamie Strandboge
Date: 2008-01-29 20:12:00 UTC
Revision ID: james.westby@ubuntu.com-20080129201200-t0pv136o7a5t7j8t

Tags: 2.0.55-4ubuntu4.2

* SECURITY UPDATE: denial of service (application crash) when using
  mod_proxy in threaded MPM via crafted date headers.
* debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
  apr_date_parse_http() and apr_rfc822_date()
* SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
  when charset not defined
* debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
  check for and use charset
* SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
* debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
  ap_escape_html()
* SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
  server-status is enabled
* debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
  setup table
* SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
  charset is not defined
* debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
  a charset
* SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
* debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
  ap_escape_html()
* References
  CVE-2007-3847
  CVE-2007-4465
  CVE-2007-5000
  CVE-2007-6388
  CVE-2008-0005
  CVE-2006-3918

Filename	Latest Rev	Last Changed	Committer	Comment
..
debian	2	19 years ago	Bazaar Package Importer	Security Release. Patch from upstream for the foll
upstream	4	18 years ago	Bazaar Package Importer	Add 047_ssl_reneg_with_body, which adds a (bounded