« back to all changes in this revision
Viewing changes to debian/changelog
- Committer: Bazaar Package Importer
- Date: 2009-06-10 17:15:00 UTC
- Revision ID: james.westby@ubuntu.com-20090610171500-ll8ecx3dakxllzgn
* SECURITY UPDATE: response data disclosure in mod_proxy_ajp when a client
request with no request body was sent
- debian/patches/900_CVE-2009-1191.dpatch: adjust
modules/proxy/mod_proxy_ajp.c to not reuse a connection when the client
closes a connection without sending a body
- CVE-2009-1191
* SECURITY UPDATE: Includes option could be overridden via .htaccess file
when AllowOverride restrictions do not permit it
- debian/patches/900_CVE-2009-1195.dpatch: adjust server/config.c,
server/core.c, modules/filters/mod_include.c, include/http_core.h to
only enable .htaccess override when permitted.
- CVE-2009-1195
request with no request body was sent
- debian/patches/900_CVE-2009-1191.dpatch: adjust
modules/proxy/mod_proxy_ajp.c to not reuse a connection when the client
closes a connection without sending a body
- CVE-2009-1191
* SECURITY UPDATE: Includes option could be overridden via .htaccess file
when AllowOverride restrictions do not permit it
- debian/patches/900_CVE-2009-1195.dpatch: adjust server/config.c,
server/core.c, modules/filters/mod_include.c, include/http_core.h to
only enable .htaccess override when permitted.
- CVE-2009-1195
- files added:
- debian/patches/900_CVE-2009-1191.dpatch
- files modified:
- debian/changelog
added
removed
debian/changelog
