Ubuntu
apache2 package

Branches for Oneiric

Name Status Last Modified Last Commit
lp://staging/ubuntu/oneiric/apache2 bug 2 Mature 2011-09-06 19:11:28 UTC
70. * Merge from debian unstable to fix C...

Author: Steve Beattie
Revision Date: 2011-09-06 01:17:15 UTC

* Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
  Remaining changes:
  - debian/{control, rules}: Enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
  - debian/control: Add bzr tag and point it to our tree
  - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
  - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
    Plymouth aware passphrase dialog program ask-for-passphrase.
lp://staging/ubuntu/oneiric-security/apache2 bug 2 Mature 2012-02-16 19:57:20 UTC
72. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2012-02-14 09:35:36 UTC

* SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
  directive (LP: #811422)
  - debian/patches/215_CVE-2011-3607.dpatch: validate length in
    server/util.c.
  - CVE-2011-3607
* SECURITY UPDATE: another mod_proxy reverse proxy exposure
  - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
    modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
    server/protocol.c.
  - CVE-2011-4317
* SECURITY UPDATE: denial of service via invalid cookie
  - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
    modules/loggers/mod_log_config.c.
  - CVE-2012-0021
* SECURITY UPDATE: denial of service and possible code execution via
  type field modification within a scoreboard shared memory segment
  - debian/patches/218_CVE-2012-0031.dpatch: check type field in
    server/scoreboard.c.
  - CVE-2012-0031
* SECURITY UPDATE: cookie disclosure via Bad Request errors
  - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
    server/protocol.c.
  - CVE-2012-0053
lp://staging/ubuntu/oneiric-updates/apache2 2 Mature 2012-02-14 09:35:36 UTC
72. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2012-02-14 09:35:36 UTC

* SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
  directive (LP: #811422)
  - debian/patches/215_CVE-2011-3607.dpatch: validate length in
    server/util.c.
  - CVE-2011-3607
* SECURITY UPDATE: another mod_proxy reverse proxy exposure
  - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
    modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
    server/protocol.c.
  - CVE-2011-4317
* SECURITY UPDATE: denial of service via invalid cookie
  - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
    modules/loggers/mod_log_config.c.
  - CVE-2012-0021
* SECURITY UPDATE: denial of service and possible code execution via
  type field modification within a scoreboard shared memory segment
  - debian/patches/218_CVE-2012-0031.dpatch: check type field in
    server/scoreboard.c.
  - CVE-2012-0031
* SECURITY UPDATE: cookie disclosure via Bad Request errors
  - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
    server/protocol.c.
  - CVE-2012-0053
lp://staging/~lynxman/ubuntu/oneiric/apache2/fixeddefaultsite (Has a merge proposal) 1 Development 2011-08-19 12:48:51 UTC
71. * Expanded changelog to explain more ...

Author: Marc Cluet
Revision Date: 2011-08-19 12:48:51 UTC

* Expanded changelog to explain more in depth the problem we solved with this fix
14 of 4 results FirstPreviousNextLast