Please merge apache2 2.2.14-5(main) from debian squeeze(main)

Bug #506862 reported by Bhavani Shankar
This bug affects 1 person
Affects: apache2 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Mathias Gug

Bug Description

Binary package hint: apache2

Debian Changelog:

 apache2 (2.2.14-5) unstable; urgency=low

   * Security: Further mitigation for the TLS renegotiation attack
     (CVE-2009-3555): Disable keep-alive if parts of the next request have
     already been received when doing a renegotiation. This defends against
     some request splicing attacks.
   * Print a useful error message if 'apache2ctl status' fails. Add a comment
     to /etc/apache2/envvars on how to change the options for www-browser.
     Closes: #561496, #272069
   * Improve function to detect apache2 pid in init-script (closes: #562583).
   * Add hint README.Debian on how to pass auth info to CGI scripts.
     Closes: #483219
   * Re-introduce objcopy magic to avoid dangling symlinks to the debug info
     in the mpm packages. Closes: #563278
   * Make apxs2 use a2enmod and /etc/apache2/mods-available. Closes: #470178,
     LP: #500703
   * Point to README.backtrace in apache2-dbg's description.
   * Use more debhelper functions to simplify debian/rules.
   * Add misc-depends to various packages to make lintian happy.
   * Change build-dep from libcap2-dev to libcap-dev because of package rename.

 -- Stefan Fritsch <email address hidden> Sat, 02 Jan 2010 22:44:15 +0100

Bhavani Shankar (bhavi) wrote :
Changed in apache2 (Ubuntu):
status: New → Confirmed
Mathias Gug (mathiaz) wrote :

Acked. I'll upload the package once alpha2 has been released.

Changed in apache2 (Ubuntu):
status: Confirmed → Fix Committed
assignee: nobody → Mathias Gug (mathiaz)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apache2 - 2.2.14-5ubuntu1

---------------
apache2 (2.2.14-5ubuntu1) lucid; urgency=low

  * Merge from debian testing. Remaining changes: LP: #506862
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree.

apache2 (2.2.14-5) unstable; urgency=low

  * Security: Further mitigation for the TLS renegotiation attack
    (CVE-2009-3555): Disable keep-alive if parts of the next request have
    already been received when doing a renegotiation. This defends against
    some request splicing attacks.
  * Print a useful error message if 'apache2ctl status' fails. Add a comment
    to /etc/apache2/envvars on how to change the options for www-browser.
    Closes: #561496, #272069
  * Improve function to detect apache2 pid in init-script (closes: #562583).
  * Add hint README.Debian on how to pass auth info to CGI scripts.
    Closes: #483219
  * Re-introduce objcopy magic to avoid dangling symlinks to the debug info
    in the mpm packages. Closes: #563278
  * Make apxs2 use a2enmod and /etc/apache2/mods-available. Closes: #470178,
    LP: #500703
  * Point to README.backtrace in apache2-dbg's description.
  * Use more debhelper functions to simplify debian/rules.
  * Add misc-depends to various packages to make lintian happy.
  * Change build-dep from libcap2-dev to libcap-dev because of package rename.
 -- Bhavani Shankar <email address hidden> Wed, 13 Jan 2010 14:28:41 +0530

Changed in apache2 (Ubuntu):
status: Fix Committed → Fix Released