lp://staging/ubuntu/karmic-proposed/apache2
- Get this branch:
- bzr branch lp://staging/ubuntu/karmic-proposed/apache2
Branch merges
Branch information
Recent revisions
- 53. By Marc Deslauriers
-
* debian/patches/905_sslinsecurerenegotiation-directive.dpatch: once
openssl gets updated to fix CVE-2009-3555, server renegotiations with
unpatched clients will fail. This patch adds the ability to revert to
the previous unsafe behaviour with a new SSLInsecureRenegotiation
directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
CVE-2009-3555 fix.
- 52. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
- debian/patches/903_CVE-2010-0408.dpatch: return the right error code
in modules/proxy/mod_proxy_ajp.c.
- CVE-2010-0408
* SECURITY UPDATE: information disclosure via improper handling of
headers in subrequests
- debian/patches/904_CVE-2010-0434.dpatch: use a copy of r->headers_in
in server/protocol.c.
- CVE-2010-0434
- 51. By Jamie Strandboge
-
* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
Partial fix for CVE-2009-3555. Configurations requiring renegotiation
of per-directory/location access controls are still affected until
OpenSSL is updated.
- debian/patches/900_CVE-2009-3555.dpatch: disable all client
renegotiations
- CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
- debian/patches/901-CVE-2009-3094.dpatch: fix NULL pointer dereference
in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
in EPSV response parser
- CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
configured as a reverse proxy
- debian/patches/902-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
special characters.
- CVE-2009-3095
- 50. By Marc Deslauriers
-
* debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
- Fix potential segfaults with the use of the legacy ap_rputs() etc
interfaces, in cases where an output filter fails. This happens
frequently after CVE-2009-1891 got fixed. (LP: #409987)
- 49. By Chuck Short
-
* Merge from debian unstable, remaining changes:
- debian/{control, rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
- Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.
- 48. By Bhavani Shankar
-
* Merge from debian unstable, remaining changes: LP: #398130
- debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
Fix timefmt is ignored when XBitHack is on. (LP: #258914)
- debian/{control, rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
- 47. By Chuck Short
-
* Merge from debian unstable, remaining changes:
- debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
Fix timefmt is ignored when XBitHack is on. (LP: #258914)
- debian/{control, rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
- 46. By Andrew Mitchell
-
* Merge from debian unstable, remaining changes:
- debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
Fix timefmt is ignored when XBitHack is on. (LP: #258914)
- debian/{control, rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
- 45. By Andrew Mitchell
-
* Merge from debian unstable, remaining changes:
- debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
Fix timefmt is ignored when XBitHack is on. (LP: #258914)
- debian/{control, rules}: enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
- 44. By Chuck Short
-
debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
Fix timefmt is ignored when XBitHack is on. (LP: #258914)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/natty/apache2