-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2009-06-10 17:15:00 UTC
-
Revision ID:
james.westby@ubuntu.com-20090610171500-ll8ecx3dakxllzgn
Tags: 2.2.11-2ubuntu2.1
* SECURITY UPDATE: response data disclosure in mod_proxy_ajp when a client
request with no request body was sent
- debian/patches/900_CVE-2009-1191.dpatch: adjust
modules/proxy/mod_proxy_ajp.c to not reuse a connection when the client
closes a connection without sending a body
- CVE-2009-1191
* SECURITY UPDATE: Includes option could be overridden via .htaccess file
when AllowOverride restrictions do not permit it
- debian/patches/900_CVE-2009-1195.dpatch: adjust server/config.c,
server/core.c, modules/filters/mod_include.c, include/http_core.h to
only enable .htaccess override when permitted.
- CVE-2009-1195