-
Committer:
Package Import Robot
-
Author(s):
Steve Beattie
-
Date:
2011-11-02 17:21:04 UTC
-
Revision ID:
package-import@ubuntu.com-20111102172104-pa2x9zc1kj0lnrz8
Tags: 2.2.17-1ubuntu1.4
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch courtesy of Michael Jeanson)
- debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
0.9 protocol
- CVE-2011-3368
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* SECURITY UPDATE: mpm-itk failure to drop privileges in certain
configurations
- debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
configurations correctly
- CVE-2011-1176
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option along
with a fix staged for 2.2.22.