~ubuntu-branches/ubuntu/oneiric/apache2/oneiric-security

Viewing all changes in revision 72.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-02-14 09:35:36 UTC
  • Revision ID: package-import@ubuntu.com-20120214093536-k617v5xd5nf28tuv
Tags: 2.2.20-1ubuntu1.2
* SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
  directive (LP: #811422)
  - debian/patches/215_CVE-2011-3607.dpatch: validate length in
    server/util.c.
  - CVE-2011-3607
* SECURITY UPDATE: another mod_proxy reverse proxy exposure
  - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
    modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
    server/protocol.c.
  - CVE-2011-4317
* SECURITY UPDATE: denial of service via invalid cookie
  - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
    modules/loggers/mod_log_config.c.
  - CVE-2012-0021
* SECURITY UPDATE: denial of service and possible code execution via
  type field modification within a scoreboard shared memory segment
  - debian/patches/218_CVE-2012-0031.dpatch: check type field in
    server/scoreboard.c.
  - CVE-2012-0031
* SECURITY UPDATE: cookie disclosure via Bad Request errors
  - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
    server/protocol.c.
  - CVE-2012-0053

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: