lp://staging/ubuntu/jaunty-proposed/apache2

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/jaunty-proposed/apache2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

50. By Marc Deslauriers

* debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
  openssl gets updated to fix CVE-2009-3555, server renegotiations with
  unpatched clients will fail. This patch adds the ability to revert to
  the previous unsafe behaviour with a new SSLInsecureRenegotiation
  directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
  CVE-2009-3555 fix.

49. By Marc Deslauriers

* SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
  - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
    in modules/proxy/mod_proxy_ajp.c.
  - CVE-2010-0408
* SECURITY UPDATE: information disclosure via improper handling of
  headers in subrequests
  - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
    in server/protocol.c.
  - CVE-2010-0434

48. By Jamie Strandboge

* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
  Partial fix for CVE-2009-3555. Configurations requiring renegotiation
  of per-directory/location access controls are still affected until
  OpenSSL is updated.
  - debian/patches/904_CVE-2009-3555.dpatch: disable all client
    renegotiations
  - CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
  - debian/patches/905-CVE-2009-3094.dpatch: fix NULL pointer dereference
    in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
    in EPSV response parser
  - CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
  configured as a reverse proxy
  - debian/patches/906-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
    in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
    special characters.
  - CVE-2009-3095

47. By Marc Deslauriers

* SECURITY UPDATE: remote denial of service in mod_deflate module when
  the network connection was closed before compression completed
  - debian/patches/903_CVE-2009-1891.dpatch: update patch to fix
    regression that caused segfaults under certain circumstances.
    (LP: #409987)
  - CVE-2009-1891

46. By Marc Deslauriers

* SECURITY UPDATE: remote denial of service in the mod_proxy module via
  amount of streamed data that exceeds the Content-Length value
  - debian/patches/902_CVE-2009-1890.dpatch: make sure Content-Length is
    sane and check the length of the data in modules/proxy/mod_proxy_http.c
  - CVE-2009-1890
* SECURITY UPDATE: remote denial of service in mod_deflate module when
  the network connection was closed before compression completed
  - debian/patches/903_CVE-2009-1891.dpatch: fail if the connection has
    been aborted in server/core_filters.c
  - CVE-2009-1891

45. By Jamie Strandboge

* SECURITY UPDATE: response data disclosure in mod_proxy_ajp when a client
  request with no request body was sent
  - debian/patches/900_CVE-2009-1191.dpatch: adjust
    modules/proxy/mod_proxy_ajp.c to not reuse a connection when the client
    closes a connection without sending a body
  - CVE-2009-1191
* SECURITY UPDATE: Includes option could be overridden via .htaccess file
  when AllowOverride restrictions do not permit it
  - debian/patches/900_CVE-2009-1195.dpatch: adjust server/config.c,
    server/core.c, modules/filters/mod_include.c, include/http_core.h to
    only enable .htaccess override when permitted.
  - CVE-2009-1195

44. By Chuck Short

debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
Fix timefmt is ignored when XBitHack is on. (LP: #258914)

43. By Chuck Short

* Merge from debian unstable, remaining changes:
  - debian/{contro,rules}: enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.

42. By Chuck Short

* Merge from debian unstable, remaining changes:
  - debian/{control, rules}: enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.

41. By Bhavani Shankar

* Merge from debian unstable, remaining changes: (LP: #303375)
  - debian/{control, rules}: enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/natty/apache2
This branch contains Public information 
Everyone can see this information.

Subscribers