lp://staging/ubuntu/jaunty-proposed/apache2
- Get this branch:
- bzr branch lp://staging/ubuntu/jaunty-proposed/apache2
Branch merges
Branch information
Recent revisions
- 50. By Marc Deslauriers
-
* debian/
patches/ 909_sslinsecure renegotiation- directive. dpatch: once
openssl gets updated to fix CVE-2009-3555, server renegotiations with
unpatched clients will fail. This patch adds the ability to revert to
the previous unsafe behaviour with a new SSLInsecureRenegotiation
directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
CVE-2009-3555 fix. - 49. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
- debian/patches/ 907_CVE- 2010-0408. dpatch: return the right error code
in modules/proxy/mod_ proxy_ajp. c.
- CVE-2010-0408
* SECURITY UPDATE: information disclosure via improper handling of
headers in subrequests
- debian/patches/ 908_CVE- 2010-0434. dpatch: use a copy of r->headers_in
in server/protocol.c.
- CVE-2010-0434 - 48. By Jamie Strandboge
-
* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
Partial fix for CVE-2009-3555. Configurations requiring renegotiation
of per-directory/location access controls are still affected until
OpenSSL is updated.
- debian/patches/ 904_CVE- 2009-3555. dpatch: disable all client
renegotiations
- CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
- debian/patches/ 905-CVE- 2009-3094. dpatch: fix NULL pointer dereference
in mod_proxy_ftp.c/apr_ socket_ close() and potential buffer overread
in EPSV response parser
- CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
configured as a reverse proxy
- debian/patches/ 906-CVE- 2009-3095. dpatch: adjust proxy_ftp_handler()
in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
special characters.
- CVE-2009-3095 - 47. By Marc Deslauriers
-
* SECURITY UPDATE: remote denial of service in mod_deflate module when
the network connection was closed before compression completed
- debian/patches/ 903_CVE- 2009-1891. dpatch: update patch to fix
regression that caused segfaults under certain circumstances.
(LP: #409987)
- CVE-2009-1891 - 46. By Marc Deslauriers
-
* SECURITY UPDATE: remote denial of service in the mod_proxy module via
amount of streamed data that exceeds the Content-Length value
- debian/patches/ 902_CVE- 2009-1890. dpatch: make sure Content-Length is
sane and check the length of the data in modules/proxy/mod_ proxy_http. c
- CVE-2009-1890
* SECURITY UPDATE: remote denial of service in mod_deflate module when
the network connection was closed before compression completed
- debian/patches/ 903_CVE- 2009-1891. dpatch: fail if the connection has
been aborted in server/core_filters. c
- CVE-2009-1891 - 45. By Jamie Strandboge
-
* SECURITY UPDATE: response data disclosure in mod_proxy_ajp when a client
request with no request body was sent
- debian/patches/ 900_CVE- 2009-1191. dpatch: adjust
modules/proxy/mod_ proxy_ajp. c to not reuse a connection when the client
closes a connection without sending a body
- CVE-2009-1191
* SECURITY UPDATE: Includes option could be overridden via .htaccess file
when AllowOverride restrictions do not permit it
- debian/patches/ 900_CVE- 2009-1195. dpatch: adjust server/config.c,
server/core.c, modules/filters/ mod_include. c, include/http_core.h to
only enable .htaccess override when permitted.
- CVE-2009-1195 - 44. By Chuck Short
-
debian/
patches/ 203_fix- ssi-timeftm- ignored. dpatch:
Fix timefmt is ignored when XBitHack is on. (LP: #258914) - 43. By Chuck Short
-
* Merge from debian unstable, remaining changes:
- debian/{contro, rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common. ufw.profile} : add ufw profiles. - 42. By Chuck Short
-
* Merge from debian unstable, remaining changes:
- debian/{control, rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common. ufw.profile} : add ufw profiles. - 41. By Bhavani Shankar
-
* Merge from debian unstable, remaining changes: (LP: #303375)
- debian/{control, rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common. ufw.profile} : add ufw profiles.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/natty/apache2