Name Status Last Modified Last Commit
lp:debian/apache2 bug 1 Development 2012-06-24 20:10:27 UTC
59. Fix typo in conf.d/security comment. ...

Author: Stefan Fritsch
Revision Date: 2012-06-24 20:10:27 UTC

Fix typo in conf.d/security comment. Closes: #678740

lp:debian/wheezy/apache2 1 Development 2012-06-10 12:27:02 UTC
57. [ Arno Töll ] * Fix "ambiguous commen...

Author: Stefan Fritsch
Revision Date: 2012-06-10 12:27:02 UTC

[ Arno Töll ]
* Fix "ambiguous comment in /etc/apache2/apache2.conf" by clarifying
  contradicting statements. (Closes: #675184)

[ Stefan Fritsch ]
* Allow colons in filenames when using wildcards with "Include".
  Closes: #676610
* Add examples for X-Content-Type-Options and X-Frame-Options to
* Fix the VCS dir example in conf.d/security.
* Pick some bug fixes from upstram trunk:
  - core/mod_cgi: Fix script logging in error case
  - mod_dumpio: Fix possible loop in input filter.
  - mod_proxy_ajp: Reduce memory usage in case of many requests on one

lp:debian/experimental/apache2 1 Development 2012-05-28 17:36:03 UTC
56. [ Stefan Fritsch ] * Explicitly enabl...

Author: Arno Töll
Revision Date: 2012-05-28 17:36:03 UTC

[ Stefan Fritsch ]
* Explicitly enable mod_authz_core on upgrades. It can happen that it is
  not pulled in by any of the enabled modules, but we need it in any case
  for apache2.conf. Closes: #669876
* Don't ship the changelogs in the apache2-mpm-itk transitional package.

[ Arno Töll ]
* Add mode lines to various configuration files and scripts. Reformat
  configuration files for consitency.
* Fix "Fix typographic errors in configuration file comments": Thanks to Oxan
  van Leeuwen for providing a patch (Closes: #669269)
* Formulate several clarifications in PACKAGING, start versioning this document
  and add normative read hints. Moreover, document the -m switch for a2enmod.
* Merge spelling and grammar fixes provided by Justin B Rye. Much appreciated!
* Change various state and run directories used by Apache from
  /var/run/<basename> to /var/run/apache2/<basename>. This might change again
  for Wheezy+1 to adopt /run.
* Use more exit status codes for a2query which allows to tell apart why a
  module was disabled, also make its output more readable.
* Changes in apache2-maintscript-helper:
  + Finally apache2_invoke may behave correctly and catch all cases
    including upgrades from Squeeze.
  + apache2_invoke: accepts a third argument to override the rc.d-action now
  + support APACHE2_MAINTSCRIPT_DEBUG: When defined in the environment or in
    /etc/apache2/envvars, debug output is displayed.
* Implement a -r switch for dh_apache2 which allows to force a reload of the
  web server if required.

lp:debian/squeeze/apache2 bug 1 Development 2012-04-01 00:20:48 UTC
37. CVE-2012-0216: Remove "Alias /doc /us...

Author: Stefan Fritsch
Revision Date: 2012-04-01 00:20:48 UTC

CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
hosts' config files.
If scripting modules like mod_php or mod_rivet are enabled on systems
where either 1) some frontend server forwards connections to an apache2
backend server on the localhost address, or 2) the machine running
apache2 is also used for web browsing, this could allow a remote
attacker to execute example scripts stored under /usr/share/doc.
Depending on the installed packages, this could lead to issues like cross
site scripting, code execution, or leakage of sensitive data.

lp:debian/lenny/apache2 2 Mature 2012-02-05 21:56:02 UTC
23. * Prevent unintended pattern expansio...

Author: Stefan Fritsch
Revision Date: 2012-02-05 21:56:02 UTC

* Prevent unintended pattern expansion in some reverse proxy
  configurations by strictly validating the request-URI. Fixes
  CVE-2011-3368, CVE-2011-3639, CVE-2011-4317.
* CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local
  privilege escalation.
* CVE-2012-0031: Fix client process being able to crash parent process
  during shutdown.
* CVE-2012-0053: Fix an issue in code 400 error responses that could expose
  "httpOnly" cookies.

15 of 5 results