~ubuntu-branches/ubuntu/natty/apache2/natty-security

Viewing all changes in revision 69.

  • Committer: Package Import Robot
  • Author(s): Steve Beattie
  • Date: 2011-11-02 17:21:04 UTC
  • Revision ID: package-import@ubuntu.com-20111102172104-pa2x9zc1kj0lnrz8
Tags: 2.2.17-1ubuntu1.4
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
  - debian/patches/212_CVE-2011-3368.dpatch: return 400
    on invalid requests. (patch courtesy of Michael Jeanson)
  - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
    0.9 protocol
  - CVE-2011-3368
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
  - debian/patches/213_CVE-2011-3348.dpatch: return
    HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
  - CVE-2011-3348
* SECURITY UPDATE: mpm-itk failure to drop privileges in certain
  configurations
  - debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
    configurations correctly
  - CVE-2011-1176
* Include additional fixes for regressions introduced by
  CVE-2011-3192 fixes
  - debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
    take upstream fixes for byterange_filter.c through the 2.2.21
    release except for the added MaxRanges configuration option along
    with a fix staged for 2.2.22.

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: