- Committer: Bazaar Package Importer
- Date: 2009-03-05 15:54:32 UTC
- Revision ID: james.westby@ubuntu.com-20090305155432-vrd5dqgi6nu9j4ua
[ Emanuele Gentili ]
* SECURITY UPDATE:
+ debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in mod_proxy_http.c
in the mod_proxy module does not limit the number of forwarded
interim responses, which allows remote HTTP servers to cause a
denial of service (memory consumption) via a large number of
interim responses.
+ References
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
[ Marc Deslauriers ]
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
Entity Too Large" error message
- debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
messages in modules/http/http_protocol.c.
- CVE-2007-6203
* SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
mod_proxy_balancer
- debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
modules/proxy/mod_proxy_balancer.c.
- CVE-2007-6420
* SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
function (LP: #224945)
- debian/patches/109_CVE-2008-1678.dpatch: don't call
CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
- CVE-2008-1678
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
URLs
- debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
modules/proxy/mod_proxy_balancer.c.
- CVE-2008-2168
* SECURITY UPDATE: Denial of service via large number of interim responses in
mod_proxy module (LP: #239894)
- debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
- CVE-2008-2364
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
mod_proxy_ftp module
- debian/patches/112_CVE-2008-2939.dpatch: escape the html
contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
- CVE-2008-2939
* SECURITY UPDATE:
+ debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in mod_proxy_http.c
in the mod_proxy module does not limit the number of forwarded
interim responses, which allows remote HTTP servers to cause a
denial of service (memory consumption) via a large number of
interim responses.
+ References
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
[ Marc Deslauriers ]
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
Entity Too Large" error message
- debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
messages in modules/http/http_protocol.c.
- CVE-2007-6203
* SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
mod_proxy_balancer
- debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
modules/proxy/mod_proxy_balancer.c.
- CVE-2007-6420
* SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
function (LP: #224945)
- debian/patches/109_CVE-2008-1678.dpatch: don't call
CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
- CVE-2008-1678
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
URLs
- debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
modules/proxy/mod_proxy_balancer.c.
- CVE-2008-2168
* SECURITY UPDATE: Denial of service via large number of interim responses in
mod_proxy module (LP: #239894)
- debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
- CVE-2008-2364
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
mod_proxy_ftp module
- debian/patches/112_CVE-2008-2939.dpatch: escape the html
contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
- CVE-2008-2939
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 .. |
|||||||
build
|
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa |
|
||
|
debian
|
2 | 19 years ago | Bazaar Package Importer | Security Release. Patch from upstream for the foll |
|
||
|
docs
|
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa |
|
||
|
include
|
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa |
|
||
|
modules
|
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa |
|
||
|
os
|
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa |
|
||
|
server
|
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa |
|
||
|
srclib
|
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa |
|
||
|
support
|
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa |
|
||
|
test
|
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa |
|
||
.gdbinit |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 7 KB |
|
|
|
ABOUT_APACHE |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 14.5 KB |
|
|
|
acinclude.m4 |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 18.4 KB |
|
|
|
Apache.dsw |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 45 KB |
|
|
|
apachenw.mcp.zip |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 184 KB |
|
|
|
BuildBin.dsp |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 2.6 KB |
|
|
buildconf |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 5.6 KB |
|
|
|
CHANGES |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 667 KB |
|
|
|
config.layout |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 10.6 KB |
|
|
|
configure |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 630 KB |
|
|
|
configure.in |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 22.3 KB |
|
|
|
emacs-style |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 403 bytes |
|
|
|
httpd.dsp |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 3.5 KB |
|
|
|
httpd.spec |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 18.6 KB |
|
|
|
INSTALL |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 3.6 KB |
|
|
|
InstallBin.dsp |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 2.8 KB |
|
|
|
LAYOUT |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 5 KB |
|
|
|
libhttpd.dsp |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 16.2 KB |
|
|
|
LICENSE |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 30.9 KB |
|
|
|
Makefile.in |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 8.3 KB |
|
|
|
Makefile.win |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 30.5 KB |
|
|
|
NOTICE |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 828 bytes |
|
|
|
NWGNUmakefile |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 10.1 KB |
|
|
|
README |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 3.2 KB |
|
|
|
README.platforms |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 4.6 KB |
|
|
|
ROADMAP |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 9.9 KB |
|
|
|
VERSIONING |
21 | 16 years ago | Bazaar Package Importer | Trigger rebuild for hppa | 7.9 KB |
|
|