-
Committer:
Package Import Robot
-
Author(s):
Steve Beattie
-
Date:
2011-11-07 14:01:10 UTC
-
Revision ID:
package-import@ubuntu.com-20111107140110-wxth7974i5t2xsm6
Tags: 2.2.20-1ubuntu1.1
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch courtesy of Michael Jeanson)
- CVE-2011-3368
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/214_CVE-2011-3192_regression.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option, along
with a staged fix for the 2.2.22 release.