~ubuntu-branches/ubuntu/hardy/apache2/hardy-proposed

Viewing all changes in revision 27.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers, Emanuele Gentili, Marc Deslauriers
  • Date: 2009-03-05 17:20:17 UTC
  • mfrom: (26.1.3 hardy-proposed)
  • Revision ID: james.westby@ubuntu.com-20090305172017-473li6ddlfewuxxc
  • Tags: 2.2.8-1ubuntu0.4

[ Emanuele Gentili ]
* SECURITY UPDATE:
 + debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
  - The ap_proxy_http_process_response function in mod_proxy_http.c
    in the mod_proxy module does not limit the number of forwarded
    interim responses, which allows remote HTTP servers to cause a
    denial of service (memory consumption) via a large number of
    interim responses.
 + References
  - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

[ Marc Deslauriers ]
* SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
  mod_proxy_balancer
  - debian/patches/200_security_CVE-2007-6420.dpatch: generate and validate a
    nonce in modules/proxy/mod_proxy_balancer.c.
  - CVE-2007-6420
* SECURITY UPDATE: Denial of service via large number of interim responses in
  mod_proxy module (LP: #239894)
  - debian/patches/201_security_CVE-2008-2364.dpatch: updated patch to newer
    version.
  - CVE-2008-2364
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
  mod_proxy_ftp module
  - debian/patches/202_security_CVE-2008-2939.dpatch: escape the html
    contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
  - CVE-2008-2939
