View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
applied/ubuntu/vivid-devel 2015-07-27 17:43:37 UTC 2015-07-27
Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-secu...

Author: Marc Deslauriers
Author Date: 2015-07-24 16:25:41 UTC

Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 820b66fb86388042c7d874ed60021c19762e090e
Unapplied parent: 51ec5ea508b960da2c0270cee551cbc4c5a36737

New changelog entries:
  * SECURITY UPDATE: request smuggling via chunked transfer encoding
    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
      modules/http/http_filters.c.
    - CVE-2015-3183
  * SECURITY UPDATE: access restriction bypass via deprecated API
    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
      in include/http_request.h, server/request.c.
    - CVE-2015-3185

applied/ubuntu/vivid-security 2015-07-27 17:43:37 UTC 2015-07-27
Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-secu...

Author: Marc Deslauriers
Author Date: 2015-07-24 16:25:41 UTC

Import patches-applied version 2.4.10-9ubuntu1.1 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 820b66fb86388042c7d874ed60021c19762e090e
Unapplied parent: 51ec5ea508b960da2c0270cee551cbc4c5a36737

New changelog entries:
  * SECURITY UPDATE: request smuggling via chunked transfer encoding
    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
      modules/http/http_filters.c.
    - CVE-2015-3183
  * SECURITY UPDATE: access restriction bypass via deprecated API
    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
      in include/http_request.h, server/request.c.
    - CVE-2015-3185

ubuntu/wily-proposed 2015-07-24 16:13:34 UTC 2015-07-24
Import patches-unapplied version 2.4.12-2ubuntu2 to ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-07-24 13:56:09 UTC

Import patches-unapplied version 2.4.12-2ubuntu2 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: db68d8373debd5ab56cbd27c91f3ba0b2915360e

New changelog entries:
  * SECURITY UPDATE: request smuggling via chunked transfer encoding
    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
      modules/http/http_filters.c.
    - CVE-2015-3183
  * SECURITY UPDATE: access restriction bypass via deprecated API
    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
      in include/http_request.h, server/request.c.
    - CVE-2015-3185

ubuntu/wily 2015-07-24 16:13:34 UTC 2015-07-24
Import patches-unapplied version 2.4.12-2ubuntu2 to ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-07-24 13:56:09 UTC

Import patches-unapplied version 2.4.12-2ubuntu2 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: db68d8373debd5ab56cbd27c91f3ba0b2915360e

New changelog entries:
  * SECURITY UPDATE: request smuggling via chunked transfer encoding
    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
      modules/http/http_filters.c.
    - CVE-2015-3183
  * SECURITY UPDATE: access restriction bypass via deprecated API
    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
      in include/http_request.h, server/request.c.
    - CVE-2015-3185

applied/ubuntu/wily-proposed 2015-07-24 16:13:34 UTC 2015-07-24
Import patches-applied version 2.4.12-2ubuntu2 to applied/ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-07-24 13:56:09 UTC

Import patches-applied version 2.4.12-2ubuntu2 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: dd36b867552432e0a8336fe26f3ff757b5beda58
Unapplied parent: 2b2f3dbab373ff42f7090ef4c55702b073657c56

New changelog entries:
  * SECURITY UPDATE: request smuggling via chunked transfer encoding
    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
      modules/http/http_filters.c.
    - CVE-2015-3183
  * SECURITY UPDATE: access restriction bypass via deprecated API
    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
      in include/http_request.h, server/request.c.
    - CVE-2015-3185

applied/ubuntu/wily 2015-07-24 16:13:34 UTC 2015-07-24
Import patches-applied version 2.4.12-2ubuntu2 to applied/ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-07-24 13:56:09 UTC

Import patches-applied version 2.4.12-2ubuntu2 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: dd36b867552432e0a8336fe26f3ff757b5beda58
Unapplied parent: 2b2f3dbab373ff42f7090ef4c55702b073657c56

New changelog entries:
  * SECURITY UPDATE: request smuggling via chunked transfer encoding
    - debian/patches/CVE-2015-3183.patch: refactor chunk parsing in
      modules/http/http_filters.c.
    - CVE-2015-3183
  * SECURITY UPDATE: access restriction bypass via deprecated API
    - debian/patches/CVE-2015-3185.patch: deprecate old API and add new one
      in include/http_request.h, server/request.c.
    - CVE-2015-3185

ubuntu/lucid-updates 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-unapplied version 2.2.14-5ubuntu8.15 to ubuntu/lucid-security

Author: Marc Deslauriers
Author Date: 2015-03-05 17:45:09 UTC

Import patches-unapplied version 2.2.14-5ubuntu8.15 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: a7f4299a4a7deaae29f0bda82ebf35269db447e1

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.dpatch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
      server/core.c, server/protocol.c.
    - CVE-2013-5704

applied/ubuntu/lucid-updates 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-applied version 2.2.14-5ubuntu8.15 to applied/ubuntu/lucid-sec...

Author: Marc Deslauriers
Author Date: 2015-03-05 17:45:09 UTC

Import patches-applied version 2.2.14-5ubuntu8.15 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 8d915478cea94af6892d148cf65367265d94e7d6
Unapplied parent: a16cf78a6233287c675749c2fbf28d238be5fe06

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.dpatch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
      server/core.c, server/protocol.c.
    - CVE-2013-5704

applied/ubuntu/lucid-security 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-applied version 2.2.14-5ubuntu8.15 to applied/ubuntu/lucid-sec...

Author: Marc Deslauriers
Author Date: 2015-03-05 17:45:09 UTC

Import patches-applied version 2.2.14-5ubuntu8.15 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 8d915478cea94af6892d148cf65367265d94e7d6
Unapplied parent: a16cf78a6233287c675749c2fbf28d238be5fe06

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.dpatch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
      server/core.c, server/protocol.c.
    - CVE-2013-5704

applied/ubuntu/lucid-devel 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-applied version 2.2.14-5ubuntu8.15 to applied/ubuntu/lucid-sec...

Author: Marc Deslauriers
Author Date: 2015-03-05 17:45:09 UTC

Import patches-applied version 2.2.14-5ubuntu8.15 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 8d915478cea94af6892d148cf65367265d94e7d6
Unapplied parent: a16cf78a6233287c675749c2fbf28d238be5fe06

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.dpatch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
      server/core.c, server/protocol.c.
    - CVE-2013-5704

ubuntu/utopic-updates 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-unapplied version 2.4.10-1ubuntu1.1 to ubuntu/utopic-security

Author: Marc Deslauriers
Author Date: 2015-03-05 17:05:47 UTC

Import patches-unapplied version 2.4.10-1ubuntu1.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 5b08bf02d55e56ec279fa287234935a46eecfd0e

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.patch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
    - CVE-2013-5704
  * SECURITY UPDATE: mod_cache denial of service via empty HTTP
    Content-Type header
    - debian/patches/CVE-2014-3581.patch: check for NULL in
      modules/cache/cache_util.c.
    - CVE-2014-3581
  * SECURITY UPDATE: mod_proxy_fcgi deial of service via long response
    headers
    - debian/patches/CVE-2014-3583.patch: properly handle length in
      modules/aaa/mod_authnz_fcgi.c, modules/proxy/mod_proxy_fcgi.c.
    - CVE-2014-3583
  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
    directives
    - debian/patches/CVE-2014-8109.patch: handle multiple Require
      directives with different arguments in modules/lua/mod_lua.c.
    - CVE-2014-8109
  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
    - debian/patches/CVE-2015-0228.patch: fix logic in
      modules/lua/lua_request.c.
    - CVE-2015-0228

applied/ubuntu/utopic-devel 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-applied version 2.4.10-1ubuntu1.1 to applied/ubuntu/utopic-sec...

Author: Marc Deslauriers
Author Date: 2015-03-05 17:05:47 UTC

Import patches-applied version 2.4.10-1ubuntu1.1 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 5bbfc0c44d81be2733bf8784234c052b227e5eed
Unapplied parent: f2d29f8819127aa9b418e332470c367cf7fc7c56

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.patch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
    - CVE-2013-5704
  * SECURITY UPDATE: mod_cache denial of service via empty HTTP
    Content-Type header
    - debian/patches/CVE-2014-3581.patch: check for NULL in
      modules/cache/cache_util.c.
    - CVE-2014-3581
  * SECURITY UPDATE: mod_proxy_fcgi deial of service via long response
    headers
    - debian/patches/CVE-2014-3583.patch: properly handle length in
      modules/aaa/mod_authnz_fcgi.c, modules/proxy/mod_proxy_fcgi.c.
    - CVE-2014-3583
  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
    directives
    - debian/patches/CVE-2014-8109.patch: handle multiple Require
      directives with different arguments in modules/lua/mod_lua.c.
    - CVE-2014-8109
  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
    - debian/patches/CVE-2015-0228.patch: fix logic in
      modules/lua/lua_request.c.
    - CVE-2015-0228

ubuntu/utopic-security 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-unapplied version 2.4.10-1ubuntu1.1 to ubuntu/utopic-security

Author: Marc Deslauriers
Author Date: 2015-03-05 17:05:47 UTC

Import patches-unapplied version 2.4.10-1ubuntu1.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 5b08bf02d55e56ec279fa287234935a46eecfd0e

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.patch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
    - CVE-2013-5704
  * SECURITY UPDATE: mod_cache denial of service via empty HTTP
    Content-Type header
    - debian/patches/CVE-2014-3581.patch: check for NULL in
      modules/cache/cache_util.c.
    - CVE-2014-3581
  * SECURITY UPDATE: mod_proxy_fcgi deial of service via long response
    headers
    - debian/patches/CVE-2014-3583.patch: properly handle length in
      modules/aaa/mod_authnz_fcgi.c, modules/proxy/mod_proxy_fcgi.c.
    - CVE-2014-3583
  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
    directives
    - debian/patches/CVE-2014-8109.patch: handle multiple Require
      directives with different arguments in modules/lua/mod_lua.c.
    - CVE-2014-8109
  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
    - debian/patches/CVE-2015-0228.patch: fix logic in
      modules/lua/lua_request.c.
    - CVE-2015-0228

applied/ubuntu/utopic-security 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-applied version 2.4.10-1ubuntu1.1 to applied/ubuntu/utopic-sec...

Author: Marc Deslauriers
Author Date: 2015-03-05 17:05:47 UTC

Import patches-applied version 2.4.10-1ubuntu1.1 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 5bbfc0c44d81be2733bf8784234c052b227e5eed
Unapplied parent: f2d29f8819127aa9b418e332470c367cf7fc7c56

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.patch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
    - CVE-2013-5704
  * SECURITY UPDATE: mod_cache denial of service via empty HTTP
    Content-Type header
    - debian/patches/CVE-2014-3581.patch: check for NULL in
      modules/cache/cache_util.c.
    - CVE-2014-3581
  * SECURITY UPDATE: mod_proxy_fcgi deial of service via long response
    headers
    - debian/patches/CVE-2014-3583.patch: properly handle length in
      modules/aaa/mod_authnz_fcgi.c, modules/proxy/mod_proxy_fcgi.c.
    - CVE-2014-3583
  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
    directives
    - debian/patches/CVE-2014-8109.patch: handle multiple Require
      directives with different arguments in modules/lua/mod_lua.c.
    - CVE-2014-8109
  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
    - debian/patches/CVE-2015-0228.patch: fix logic in
      modules/lua/lua_request.c.
    - CVE-2015-0228

applied/ubuntu/utopic-updates 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-applied version 2.4.10-1ubuntu1.1 to applied/ubuntu/utopic-sec...

Author: Marc Deslauriers
Author Date: 2015-03-05 17:05:47 UTC

Import patches-applied version 2.4.10-1ubuntu1.1 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 5bbfc0c44d81be2733bf8784234c052b227e5eed
Unapplied parent: f2d29f8819127aa9b418e332470c367cf7fc7c56

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.patch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
    - CVE-2013-5704
  * SECURITY UPDATE: mod_cache denial of service via empty HTTP
    Content-Type header
    - debian/patches/CVE-2014-3581.patch: check for NULL in
      modules/cache/cache_util.c.
    - CVE-2014-3581
  * SECURITY UPDATE: mod_proxy_fcgi deial of service via long response
    headers
    - debian/patches/CVE-2014-3583.patch: properly handle length in
      modules/aaa/mod_authnz_fcgi.c, modules/proxy/mod_proxy_fcgi.c.
    - CVE-2014-3583
  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
    directives
    - debian/patches/CVE-2014-8109.patch: handle multiple Require
      directives with different arguments in modules/lua/mod_lua.c.
    - CVE-2014-8109
  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
    - debian/patches/CVE-2015-0228.patch: fix logic in
      modules/lua/lua_request.c.
    - CVE-2015-0228

ubuntu/utopic-devel 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-unapplied version 2.4.10-1ubuntu1.1 to ubuntu/utopic-security

Author: Marc Deslauriers
Author Date: 2015-03-05 17:05:47 UTC

Import patches-unapplied version 2.4.10-1ubuntu1.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 5b08bf02d55e56ec279fa287234935a46eecfd0e

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.patch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
    - CVE-2013-5704
  * SECURITY UPDATE: mod_cache denial of service via empty HTTP
    Content-Type header
    - debian/patches/CVE-2014-3581.patch: check for NULL in
      modules/cache/cache_util.c.
    - CVE-2014-3581
  * SECURITY UPDATE: mod_proxy_fcgi deial of service via long response
    headers
    - debian/patches/CVE-2014-3583.patch: properly handle length in
      modules/aaa/mod_authnz_fcgi.c, modules/proxy/mod_proxy_fcgi.c.
    - CVE-2014-3583
  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
    directives
    - debian/patches/CVE-2014-8109.patch: handle multiple Require
      directives with different arguments in modules/lua/mod_lua.c.
    - CVE-2014-8109
  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
    - debian/patches/CVE-2015-0228.patch: fix logic in
      modules/lua/lua_request.c.
    - CVE-2015-0228

ubuntu/lucid-devel 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-unapplied version 2.2.14-5ubuntu8.15 to ubuntu/lucid-security

Author: Marc Deslauriers
Author Date: 2015-03-05 17:45:09 UTC

Import patches-unapplied version 2.2.14-5ubuntu8.15 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: a7f4299a4a7deaae29f0bda82ebf35269db447e1

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.dpatch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
      server/core.c, server/protocol.c.
    - CVE-2013-5704

ubuntu/lucid-security 2015-03-10 14:38:10 UTC 2015-03-10
Import patches-unapplied version 2.2.14-5ubuntu8.15 to ubuntu/lucid-security

Author: Marc Deslauriers
Author Date: 2015-03-05 17:45:09 UTC

Import patches-unapplied version 2.2.14-5ubuntu8.15 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: a7f4299a4a7deaae29f0bda82ebf35269db447e1

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.dpatch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
      server/core.c, server/protocol.c.
    - CVE-2013-5704

ubuntu/vivid 2015-03-09 11:58:35 UTC 2015-03-09
Import patches-unapplied version 2.4.10-9ubuntu1 to ubuntu/vivid-proposed

Author: Martin Pitt
Author Date: 2015-03-09 11:03:16 UTC

Import patches-unapplied version 2.4.10-9ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 17c775a090b998a69e6b861dff2feb279f63dafa

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf,
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile
      command.
    - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
      denial of service in mod_lua via websockets PING
  * debian/tests/ssl-passphrase: Add password responder for
    systemd-ask-passphrase.

applied/ubuntu/vivid-proposed 2015-03-09 11:58:35 UTC 2015-03-09
Import patches-applied version 2.4.10-9ubuntu1 to applied/ubuntu/vivid-proposed

Author: Martin Pitt
Author Date: 2015-03-09 11:03:16 UTC

Import patches-applied version 2.4.10-9ubuntu1 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: b32f8b7eedfc4361727ce1e1da53ab64be358895
Unapplied parent: d93b7865e9145f2a7f2dad74230ca3c35d347fc8

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf,
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile
      command.
    - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
      denial of service in mod_lua via websockets PING
  * debian/tests/ssl-passphrase: Add password responder for
    systemd-ask-passphrase.

applied/ubuntu/vivid 2015-03-09 11:58:35 UTC 2015-03-09
Import patches-applied version 2.4.10-9ubuntu1 to applied/ubuntu/vivid-proposed

Author: Martin Pitt
Author Date: 2015-03-09 11:03:16 UTC

Import patches-applied version 2.4.10-9ubuntu1 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: b32f8b7eedfc4361727ce1e1da53ab64be358895
Unapplied parent: d93b7865e9145f2a7f2dad74230ca3c35d347fc8

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf,
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile
      command.
    - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
      denial of service in mod_lua via websockets PING
  * debian/tests/ssl-passphrase: Add password responder for
    systemd-ask-passphrase.

ubuntu/vivid-proposed 2015-03-09 11:58:35 UTC 2015-03-09
Import patches-unapplied version 2.4.10-9ubuntu1 to ubuntu/vivid-proposed

Author: Martin Pitt
Author Date: 2015-03-09 11:03:16 UTC

Import patches-unapplied version 2.4.10-9ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 17c775a090b998a69e6b861dff2feb279f63dafa

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf,
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile
      command.
    - d/p/CVE-2015-0228.patch: fix logic in modules/lua/lua_request.c to fix a
      denial of service in mod_lua via websockets PING
  * debian/tests/ssl-passphrase: Add password responder for
    systemd-ask-passphrase.

applied/ubuntu/utopic 2014-07-25 10:28:24 UTC 2014-07-25
Import patches-applied version 2.4.10-1ubuntu1 to applied/ubuntu/utopic-proposed

Author: Robie Basak
Author Date: 2014-07-24 15:13:16 UTC

Import patches-applied version 2.4.10-1ubuntu1 to applied/ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 1e010873c0ac08eea2fa956e286438bad47d54f9
Unapplied parent: 5a33395ff07782c1b4cc7cea3a81bff0c1eebb14

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
      d/apache2.install: Plymouth aware passphrase dialog program
      ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
      configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
      upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile command.

applied/ubuntu/utopic-proposed 2014-07-25 10:28:24 UTC 2014-07-25
Import patches-applied version 2.4.10-1ubuntu1 to applied/ubuntu/utopic-proposed

Author: Robie Basak
Author Date: 2014-07-24 15:13:16 UTC

Import patches-applied version 2.4.10-1ubuntu1 to applied/ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 1e010873c0ac08eea2fa956e286438bad47d54f9
Unapplied parent: 5a33395ff07782c1b4cc7cea3a81bff0c1eebb14

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
      d/apache2.install: Plymouth aware passphrase dialog program
      ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
      configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
      upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile command.

ubuntu/utopic 2014-07-25 10:28:24 UTC 2014-07-25
Import patches-unapplied version 2.4.10-1ubuntu1 to ubuntu/utopic-proposed

Author: Robie Basak
Author Date: 2014-07-24 15:13:16 UTC

Import patches-unapplied version 2.4.10-1ubuntu1 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: cb4b1f159d987435b5ce0707fb56052f7dfa0cec

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
      d/apache2.install: Plymouth aware passphrase dialog program
      ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
      configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
      upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile command.

ubuntu/utopic-proposed 2014-07-25 10:28:24 UTC 2014-07-25
Import patches-unapplied version 2.4.10-1ubuntu1 to ubuntu/utopic-proposed

Author: Robie Basak
Author Date: 2014-07-24 15:13:16 UTC

Import patches-unapplied version 2.4.10-1ubuntu1 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: cb4b1f159d987435b5ce0707fb56052f7dfa0cec

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - d/control, d/config-dir/mods-available/ssl.conf, d/ask-for-passphrase,
      d/apache2.install: Plymouth aware passphrase dialog program
      ask-for-passphrase.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to
      configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from
      upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - d/p/split-logfile.patch: fix completely broken split-logfile command.

applied/ubuntu/precise-proposed 2014-04-17 21:53:14 UTC 2014-04-17
Import patches-applied version 2.2.22-1ubuntu1.6 to applied/ubuntu/precise-pr...

Author: Ritesh Khadgaray
Author Date: 2014-03-27 09:36:16 UTC

Import patches-applied version 2.2.22-1ubuntu1.6 to applied/ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: fd43ebeb996516a0c391edd0f6a4046a562789b3
Unapplied parent: 67d1d004e0458ade6ff43c297014841104afec02

New changelog entries:
  * debian/patches/sni.patch:
    - apache2 doesn't compare SNI hostname against Host header
      case-insensitively (lp: #1298273)

ubuntu/precise-proposed 2014-04-17 21:53:14 UTC 2014-04-17
Import patches-unapplied version 2.2.22-1ubuntu1.6 to ubuntu/precise-proposed

Author: Ritesh Khadgaray
Author Date: 2014-03-27 09:36:16 UTC

Import patches-unapplied version 2.2.22-1ubuntu1.6 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: eb56bacff183221380f649d717e31fbbeee0f6b0

New changelog entries:
  * debian/patches/sni.patch:
    - apache2 doesn't compare SNI hostname against Host header
      case-insensitively (lp: #1298273)

ubuntu/trusty 2014-04-03 12:23:13 UTC 2014-04-03
Import patches-unapplied version 2.4.7-1ubuntu4 to ubuntu/trusty-proposed

Author: Robie Basak
Author Date: 2014-04-03 11:21:22 UTC

Import patches-unapplied version 2.4.7-1ubuntu4 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 7ba15d93302a22789f9eab1a03a67f011313878e

New changelog entries:
  * d/p/split-logfile.patch: fix completely broken split-logfile command
    (LP: #1299162). Thanks to Holger Mauermann.

applied/ubuntu/trusty 2014-04-03 12:23:13 UTC 2014-04-03
Import patches-applied version 2.4.7-1ubuntu4 to applied/ubuntu/trusty-proposed

Author: Robie Basak
Author Date: 2014-04-03 11:21:22 UTC

Import patches-applied version 2.4.7-1ubuntu4 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 0f7d119878bf50b616e4e792de57a48c454c9324
Unapplied parent: b5de5506ae2c8934be4e3c40822f5fd4d80c056d

New changelog entries:
  * d/p/split-logfile.patch: fix completely broken split-logfile command
    (LP: #1299162). Thanks to Holger Mauermann.

ubuntu/saucy-security 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-unapplied version 2.4.6-2ubuntu2.2 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-03-19 19:32:18 UTC

Import patches-unapplied version 2.4.6-2ubuntu2.2 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 9dc4e123bf5f2b014b86b2a283e7bfcfd642013b

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

ubuntu/saucy-updates 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-unapplied version 2.4.6-2ubuntu2.2 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-03-19 19:32:18 UTC

Import patches-unapplied version 2.4.6-2ubuntu2.2 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 9dc4e123bf5f2b014b86b2a283e7bfcfd642013b

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

applied/ubuntu/saucy-devel 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-applied version 2.4.6-2ubuntu2.2 to applied/ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-03-19 19:32:18 UTC

Import patches-applied version 2.4.6-2ubuntu2.2 to applied/ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: e0652f63d91b78afc16422d707c3df45ff7380aa
Unapplied parent: 72c829d4db8478d531a0efcc8653e961a5eca80b

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

ubuntu/quantal-security 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-unapplied version 2.2.22-6ubuntu2.4 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-03-19 19:38:47 UTC

Import patches-unapplied version 2.2.22-6ubuntu2.4 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 43813725f1f40ef90698186b7823b3b2af981beb

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

applied/ubuntu/quantal-updates 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-applied version 2.2.22-6ubuntu2.4 to applied/ubuntu/quantal-se...

Author: Marc Deslauriers
Author Date: 2014-03-19 19:38:47 UTC

Import patches-applied version 2.2.22-6ubuntu2.4 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 193ac78f39aa5632224438117697fbf13f0a411c
Unapplied parent: f29e60337353660e23d8c2d235d8be7ff88d9bdf

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

applied/ubuntu/quantal-security 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-applied version 2.2.22-6ubuntu2.4 to applied/ubuntu/quantal-se...

Author: Marc Deslauriers
Author Date: 2014-03-19 19:38:47 UTC

Import patches-applied version 2.2.22-6ubuntu2.4 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 193ac78f39aa5632224438117697fbf13f0a411c
Unapplied parent: f29e60337353660e23d8c2d235d8be7ff88d9bdf

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

applied/ubuntu/quantal-devel 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-applied version 2.2.22-6ubuntu2.4 to applied/ubuntu/quantal-se...

Author: Marc Deslauriers
Author Date: 2014-03-19 19:38:47 UTC

Import patches-applied version 2.2.22-6ubuntu2.4 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 193ac78f39aa5632224438117697fbf13f0a411c
Unapplied parent: f29e60337353660e23d8c2d235d8be7ff88d9bdf

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

ubuntu/quantal-updates 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-unapplied version 2.2.22-6ubuntu2.4 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-03-19 19:38:47 UTC

Import patches-unapplied version 2.2.22-6ubuntu2.4 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 43813725f1f40ef90698186b7823b3b2af981beb

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

ubuntu/saucy-devel 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-unapplied version 2.4.6-2ubuntu2.2 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-03-19 19:32:18 UTC

Import patches-unapplied version 2.4.6-2ubuntu2.2 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 9dc4e123bf5f2b014b86b2a283e7bfcfd642013b

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

applied/ubuntu/saucy-updates 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-applied version 2.4.6-2ubuntu2.2 to applied/ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-03-19 19:32:18 UTC

Import patches-applied version 2.4.6-2ubuntu2.2 to applied/ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: e0652f63d91b78afc16422d707c3df45ff7380aa
Unapplied parent: 72c829d4db8478d531a0efcc8653e961a5eca80b

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

ubuntu/quantal-devel 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-unapplied version 2.2.22-6ubuntu2.4 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-03-19 19:38:47 UTC

Import patches-unapplied version 2.2.22-6ubuntu2.4 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 43813725f1f40ef90698186b7823b3b2af981beb

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

applied/ubuntu/saucy-security 2014-03-24 18:43:24 UTC 2014-03-24
Import patches-applied version 2.4.6-2ubuntu2.2 to applied/ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-03-19 19:32:18 UTC

Import patches-applied version 2.4.6-2ubuntu2.2 to applied/ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: e0652f63d91b78afc16422d707c3df45ff7380aa
Unapplied parent: 72c829d4db8478d531a0efcc8653e961a5eca80b

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.patch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438
  * SECURITY UPDATE: denial of service via truncated cookie and
    mod_log_config
    - debian/patches/CVE-2014-0098.patch: properly parse tokens in
      modules/loggers/mod_log_config.c.
    - CVE-2014-0098

debian/squeeze 2014-02-15 16:41:41 UTC 2014-02-15
Import patches-unapplied version 2.2.16-6+squeeze12 to debian/squeeze

Author: Stefan Fritsch
Author Date: 2014-01-28 21:48:05 UTC

Import patches-unapplied version 2.2.16-6+squeeze12 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: b06a71bf8a3f0f36a32fc76ad16f8a5df2f2b202

New changelog entries:
  * Security: CVE-2013-1862: mod_rewrite: Ensure that client data written to
    the RewriteLog is escaped to prevent terminal escape sequences from
    entering the log file. Closes: #722333
  * Security: CVE-2013-1896: mod_dav: denial of service via MERGE request.
    Closes: #717272
  * mod_dav: Fix segfaults in certain error conditions.
    https://issues.apache.org/bugzilla/show_bug.cgi?id=52559

applied/debian/squeeze 2014-02-15 16:41:41 UTC 2014-02-15
Import patches-applied version 2.2.16-6+squeeze12 to applied/debian/squeeze

Author: Stefan Fritsch
Author Date: 2014-01-28 21:48:05 UTC

Import patches-applied version 2.2.16-6+squeeze12 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 69800bbe6560e576198da5696274a3bd5a7a5fd2
Unapplied parent: 395caec61eed3a87e9c527b7258b90bccabcf642

New changelog entries:
  * Security: CVE-2013-1862: mod_rewrite: Ensure that client data written to
    the RewriteLog is escaped to prevent terminal escape sequences from
    entering the log file. Closes: #722333
  * Security: CVE-2013-1896: mod_dav: denial of service via MERGE request.
    Closes: #717272
  * mod_dav: Fix segfaults in certain error conditions.
    https://issues.apache.org/bugzilla/show_bug.cgi?id=52559

ubuntu/saucy-proposed 2013-12-05 18:45:59 UTC 2013-12-05
Import patches-unapplied version 2.4.6-2ubuntu2.1 to ubuntu/saucy-proposed

Author: Robie Basak
Author Date: 2013-11-28 17:45:57 UTC

Import patches-unapplied version 2.4.6-2ubuntu2.1 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: c3768683089b7793ec308210d5a24b01fb112c81

New changelog entries:
  * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
    that it does not use files find inside the .pc directory. This stops a
    double module load causing later havoc, including "ChrootDir" directive
    failure (LP: #1251939). Thanks to Stefan Fritsch.
  * d/tests/chroot: dep8 test for ChrootDir case.

applied/ubuntu/saucy-proposed 2013-12-05 18:45:59 UTC 2013-12-05
Import patches-applied version 2.4.6-2ubuntu2.1 to applied/ubuntu/saucy-proposed

Author: Robie Basak
Author Date: 2013-11-28 17:45:57 UTC

Import patches-applied version 2.4.6-2ubuntu2.1 to applied/ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 791f064ab5882b7be669d7f0a9fe6fa60dfb0d30
Unapplied parent: 80cb8cf6a2f1ce269320e5f193d439e79fe84113

New changelog entries:
  * d/p/ignore-quilt-dir, d/p/itk-rerun-configure.patch: adjust build system so
    that it does not use files find inside the .pc directory. This stops a
    double module load causing later havoc, including "ChrootDir" directive
    failure (LP: #1251939). Thanks to Stefan Fritsch.
  * d/tests/chroot: dep8 test for ChrootDir case.

applied/ubuntu/saucy 2013-08-09 14:33:24 UTC 2013-08-09
Import patches-applied version 2.4.6-2ubuntu2 to applied/ubuntu/saucy-proposed

Author: Robie Basak
Author Date: 2013-08-09 13:08:52 UTC

Import patches-applied version 2.4.6-2ubuntu2 to applied/ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 42fa83092e662f37931959133d27e4fa7153e1a3
Unapplied parent: f61fc6d5be2b5d9315052786ecb8c7da2155c822

New changelog entries:
  * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
    passphrase prompting for SSL certificates that are passphrase protected.
  * Add dep8 test for SSL passphrase prompting.

ubuntu/saucy 2013-08-09 14:33:24 UTC 2013-08-09
Import patches-unapplied version 2.4.6-2ubuntu2 to ubuntu/saucy-proposed

Author: Robie Basak
Author Date: 2013-08-09 13:08:52 UTC

Import patches-unapplied version 2.4.6-2ubuntu2 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 643eb13c084f9a21f161f83ce0b9f44d0fbd1bc5

New changelog entries:
  * d/ask-for-passphrase: mark executable so that apache2 can run it. Fixes
    passphrase prompting for SSL certificates that are passphrase protected.
  * Add dep8 test for SSL passphrase prompting.

ubuntu/raring-devel 2013-07-15 12:48:14 UTC 2013-07-15
Import patches-unapplied version 2.2.22-6ubuntu5.1 to ubuntu/raring-security

Author: Marc Deslauriers
Author Date: 2013-07-12 12:29:24 UTC

Import patches-unapplied version 2.2.22-6ubuntu5.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 06907897db7b1c39d173450daf8affd0b7997744

New changelog entries:
  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896

applied/ubuntu/raring-updates 2013-07-15 12:48:14 UTC 2013-07-15
Import patches-applied version 2.2.22-6ubuntu5.1 to applied/ubuntu/raring-sec...

Author: Marc Deslauriers
Author Date: 2013-07-12 12:29:24 UTC

Import patches-applied version 2.2.22-6ubuntu5.1 to applied/ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: dfc2ace47063f827a2b5e86ed6e15a706464db7f
Unapplied parent: 7f24ed24c2b4134a9cf25e757193bec693ad94de

New changelog entries:
  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896

applied/ubuntu/raring-security 2013-07-15 12:48:14 UTC 2013-07-15
Import patches-applied version 2.2.22-6ubuntu5.1 to applied/ubuntu/raring-sec...

Author: Marc Deslauriers
Author Date: 2013-07-12 12:29:24 UTC

Import patches-applied version 2.2.22-6ubuntu5.1 to applied/ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: dfc2ace47063f827a2b5e86ed6e15a706464db7f
Unapplied parent: 7f24ed24c2b4134a9cf25e757193bec693ad94de

New changelog entries:
  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896

applied/ubuntu/raring-devel 2013-07-15 12:48:14 UTC 2013-07-15
Import patches-applied version 2.2.22-6ubuntu5.1 to applied/ubuntu/raring-sec...

Author: Marc Deslauriers
Author Date: 2013-07-12 12:29:24 UTC

Import patches-applied version 2.2.22-6ubuntu5.1 to applied/ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: dfc2ace47063f827a2b5e86ed6e15a706464db7f
Unapplied parent: 7f24ed24c2b4134a9cf25e757193bec693ad94de

New changelog entries:
  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896

ubuntu/raring-updates 2013-07-15 12:48:14 UTC 2013-07-15
Import patches-unapplied version 2.2.22-6ubuntu5.1 to ubuntu/raring-security

Author: Marc Deslauriers
Author Date: 2013-07-12 12:29:24 UTC

Import patches-unapplied version 2.2.22-6ubuntu5.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 06907897db7b1c39d173450daf8affd0b7997744

New changelog entries:
  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896

ubuntu/raring-security 2013-07-15 12:48:14 UTC 2013-07-15
Import patches-unapplied version 2.2.22-6ubuntu5.1 to ubuntu/raring-security

Author: Marc Deslauriers
Author Date: 2013-07-12 12:29:24 UTC

Import patches-unapplied version 2.2.22-6ubuntu5.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 06907897db7b1c39d173450daf8affd0b7997744

New changelog entries:
  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.patch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.patch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896

ubuntu/oneiric-devel 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-unapplied version 2.2.20-1ubuntu1.4 to ubuntu/oneiric-security

Author: Marc Deslauriers
Author Date: 2013-03-08 14:56:53 UTC

Import patches-unapplied version 2.2.20-1ubuntu1.4 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 57140407385d8a420289691519dda16984e3decc

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

applied/ubuntu/hardy-devel 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-applied version 2.2.8-1ubuntu0.25 to applied/ubuntu/hardy-secu...

Author: Marc Deslauriers
Author Date: 2013-03-08 16:17:51 UTC

Import patches-applied version 2.2.8-1ubuntu0.25 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: f5cd9d662656049126ad4ec5ecca8125c227593a
Unapplied parent: d86de406547b2f6ce2ef95365778a8b2b7c0f28b

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048

ubuntu/oneiric-updates 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-unapplied version 2.2.20-1ubuntu1.4 to ubuntu/oneiric-security

Author: Marc Deslauriers
Author Date: 2013-03-08 14:56:53 UTC

Import patches-unapplied version 2.2.20-1ubuntu1.4 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 57140407385d8a420289691519dda16984e3decc

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

ubuntu/oneiric-security 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-unapplied version 2.2.20-1ubuntu1.4 to ubuntu/oneiric-security

Author: Marc Deslauriers
Author Date: 2013-03-08 14:56:53 UTC

Import patches-unapplied version 2.2.20-1ubuntu1.4 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 57140407385d8a420289691519dda16984e3decc

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

ubuntu/hardy-security 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-unapplied version 2.2.8-1ubuntu0.25 to ubuntu/hardy-security

Author: Marc Deslauriers
Author Date: 2013-03-08 16:17:51 UTC

Import patches-unapplied version 2.2.8-1ubuntu0.25 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: d725bb399220ff3ce740ff83cf22ddb3c5c3c035

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048

ubuntu/hardy-devel 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-unapplied version 2.2.8-1ubuntu0.25 to ubuntu/hardy-security

Author: Marc Deslauriers
Author Date: 2013-03-08 16:17:51 UTC

Import patches-unapplied version 2.2.8-1ubuntu0.25 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: d725bb399220ff3ce740ff83cf22ddb3c5c3c035

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048

applied/ubuntu/oneiric-security 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-applied version 2.2.20-1ubuntu1.4 to applied/ubuntu/oneiric-se...

Author: Marc Deslauriers
Author Date: 2013-03-08 14:56:53 UTC

Import patches-applied version 2.2.20-1ubuntu1.4 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: e880446ebc769cd01e0d160af67448588928dd3e
Unapplied parent: b741f00c2ffd657670c7514f9d218da2d76ce4bc

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

applied/ubuntu/hardy-updates 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-applied version 2.2.8-1ubuntu0.25 to applied/ubuntu/hardy-secu...

Author: Marc Deslauriers
Author Date: 2013-03-08 16:17:51 UTC

Import patches-applied version 2.2.8-1ubuntu0.25 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: f5cd9d662656049126ad4ec5ecca8125c227593a
Unapplied parent: d86de406547b2f6ce2ef95365778a8b2b7c0f28b

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048

applied/ubuntu/oneiric-updates 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-applied version 2.2.20-1ubuntu1.4 to applied/ubuntu/oneiric-se...

Author: Marc Deslauriers
Author Date: 2013-03-08 14:56:53 UTC

Import patches-applied version 2.2.20-1ubuntu1.4 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: e880446ebc769cd01e0d160af67448588928dd3e
Unapplied parent: b741f00c2ffd657670c7514f9d218da2d76ce4bc

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

ubuntu/hardy-updates 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-unapplied version 2.2.8-1ubuntu0.25 to ubuntu/hardy-security

Author: Marc Deslauriers
Author Date: 2013-03-08 16:17:51 UTC

Import patches-unapplied version 2.2.8-1ubuntu0.25 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: d725bb399220ff3ce740ff83cf22ddb3c5c3c035

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048

applied/ubuntu/oneiric-devel 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-applied version 2.2.20-1ubuntu1.4 to applied/ubuntu/oneiric-se...

Author: Marc Deslauriers
Author Date: 2013-03-08 14:56:53 UTC

Import patches-applied version 2.2.20-1ubuntu1.4 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: e880446ebc769cd01e0d160af67448588928dd3e
Unapplied parent: b741f00c2ffd657670c7514f9d218da2d76ce4bc

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

applied/ubuntu/hardy-security 2013-03-18 13:03:13 UTC 2013-03-18
Import patches-applied version 2.2.8-1ubuntu0.25 to applied/ubuntu/hardy-secu...

Author: Marc Deslauriers
Author Date: 2013-03-08 16:17:51 UTC

Import patches-applied version 2.2.8-1ubuntu0.25 to applied/ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: f5cd9d662656049126ad4ec5ecca8125c227593a
Unapplied parent: d86de406547b2f6ce2ef95365778a8b2b7c0f28b

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048

applied/ubuntu/raring 2013-03-15 14:03:14 UTC 2013-03-15
Import patches-applied version 2.2.22-6ubuntu5 to applied/ubuntu/raring-proposed

Author: Marc Deslauriers
Author Date: 2013-03-15 11:59:58 UTC

Import patches-applied version 2.2.22-6ubuntu5 to applied/ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: ff91fb202562c0b1313226a55c12b77c06d2fab5
Unapplied parent: d22645dd297cc8f7b8b60ad1270efcd03b565424

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

ubuntu/raring-proposed 2013-03-15 14:03:14 UTC 2013-03-15
Import patches-unapplied version 2.2.22-6ubuntu5 to ubuntu/raring-proposed

Author: Marc Deslauriers
Author Date: 2013-03-15 11:59:58 UTC

Import patches-unapplied version 2.2.22-6ubuntu5 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: a02b17d57e500aac3e60c40960bc4ce552c4e6a6

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

ubuntu/raring 2013-03-15 14:03:14 UTC 2013-03-15
Import patches-unapplied version 2.2.22-6ubuntu5 to ubuntu/raring-proposed

Author: Marc Deslauriers
Author Date: 2013-03-15 11:59:58 UTC

Import patches-unapplied version 2.2.22-6ubuntu5 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: a02b17d57e500aac3e60c40960bc4ce552c4e6a6

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

applied/ubuntu/raring-proposed 2013-03-15 14:03:14 UTC 2013-03-15
Import patches-applied version 2.2.22-6ubuntu5 to applied/ubuntu/raring-proposed

Author: Marc Deslauriers
Author Date: 2013-03-15 11:59:58 UTC

Import patches-applied version 2.2.22-6ubuntu5 to applied/ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: ff91fb202562c0b1313226a55c12b77c06d2fab5
Unapplied parent: d22645dd297cc8f7b8b60ad1270efcd03b565424

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.patch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/apache2ctl: introduce and use a safer mkdir_chown() function.
    - Thanks to Stefan Fritsch for the fix.
    - CVE-2013-1048

ubuntu/quantal 2012-07-16 08:08:16 UTC 2012-07-16
Import patches-unapplied version 2.2.22-6ubuntu2 to ubuntu/quantal

Author: Matthieu Baerts
Author Date: 2012-07-16 08:02:18 UTC

Import patches-unapplied version 2.2.22-6ubuntu2 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 8dbf29704dcbbd8934b8055b59948bc6a6b9b461

New changelog entries:
  * debian/apache2.py
   - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
   - Check if this directory exists: /etc/apache2/sites-enabled/

applied/ubuntu/quantal 2012-07-16 08:08:16 UTC 2012-07-16
Import patches-applied version 2.2.22-6ubuntu2 to applied/ubuntu/quantal

Author: Matthieu Baerts
Author Date: 2012-07-16 08:02:18 UTC

Import patches-applied version 2.2.22-6ubuntu2 to applied/ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: ff47b648554582ffdf4ffc3b11d4a672f75b63f9
Unapplied parent: 746b0a93d58ce803f654e728f89fc6f8af43b459

New changelog entries:
  * debian/apache2.py
   - Update apport hook for python3 ; thanks to Edward Donovan (LP: #1013171)
   - Check if this directory exists: /etc/apache2/sites-enabled/

debian/lenny 2012-03-10 15:10:15 UTC 2012-03-10
Import patches-unapplied version 2.2.9-10+lenny12 to debian/lenny

Author: Stefan Fritsch
Author Date: 2012-02-05 20:56:02 UTC

Import patches-unapplied version 2.2.9-10+lenny12 to debian/lenny

Imported using git-ubuntu import.

Changelog parent: 2d405ec019c68ebd88ee66c4f910627555922d12

New changelog entries:
  * Prevent unintended pattern expansion in some reverse proxy
    configurations by strictly validating the request-URI. Fixes
    CVE-2011-3368, CVE-2011-3639, CVE-2011-4317.
  * CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local
    privilege escalation.
  * CVE-2012-0031: Fix client process being able to crash parent process
    during shutdown.
  * CVE-2012-0053: Fix an issue in code 400 error responses that could expose
    "httpOnly" cookies.

applied/debian/lenny 2012-03-10 15:10:15 UTC 2012-03-10
Import patches-applied version 2.2.9-10+lenny12 to applied/debian/lenny

Author: Stefan Fritsch
Author Date: 2012-02-05 20:56:02 UTC

Import patches-applied version 2.2.9-10+lenny12 to applied/debian/lenny

Imported using git-ubuntu import.

Changelog parent: 9ecb7b754570f35d5e823dfb557ff6a5107ada66
Unapplied parent: 5f8cb05538217c8aafa57310d7bd5ce0dbe01736

New changelog entries:
  * Prevent unintended pattern expansion in some reverse proxy
    configurations by strictly validating the request-URI. Fixes
    CVE-2011-3368, CVE-2011-3639, CVE-2011-4317.
  * CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local
    privilege escalation.
  * CVE-2012-0031: Fix client process being able to crash parent process
    during shutdown.
  * CVE-2012-0053: Fix an issue in code 400 error responses that could expose
    "httpOnly" cookies.

applied/ubuntu/lucid-proposed 2012-03-05 16:46:26 UTC 2012-03-05
Import patches-applied version 2.2.14-5ubuntu8.9 to applied/ubuntu/lucid-prop...

Author: Chuck Short
Author Date: 2012-03-02 19:43:08 UTC

Import patches-applied version 2.2.14-5ubuntu8.9 to applied/ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 1457137394dd8b69217f824c0c7a3fd4fb625d3a
Unapplied parent: 8a2507ff90f4c78a963f79a94e96cac3ba7b362c

New changelog entries:
  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix webdav permissions,
    backported from trunk Thanks to James M. Leady (LP: #540747)

ubuntu/lucid-proposed 2012-03-05 16:46:26 UTC 2012-03-05
Import patches-unapplied version 2.2.14-5ubuntu8.9 to ubuntu/lucid-proposed

Author: Chuck Short
Author Date: 2012-03-02 19:43:08 UTC

Import patches-unapplied version 2.2.14-5ubuntu8.9 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 321ce80ba02b4bee9b7dd2a7fa627ebbbfd7fb47

New changelog entries:
  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix webdav permissions,
    backported from trunk Thanks to James M. Leady (LP: #540747)

applied/ubuntu/maverick-security 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-s...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 4609e29e87fddf400ee403abd966ba453d929e39
Unapplied parent: a7120f274fd758c22f992933f6e3a093cb978095

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/maverick-devel 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-s...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 4609e29e87fddf400ee403abd966ba453d929e39
Unapplied parent: a7120f274fd758c22f992933f6e3a093cb978095

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/maverick-devel 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 6f48e22a59b24ffba49b9f3c6d1db685a66b3a5a

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/maverick-updates 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-s...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 4609e29e87fddf400ee403abd966ba453d929e39
Unapplied parent: a7120f274fd758c22f992933f6e3a093cb978095

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/natty-devel 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 39bb9af2f1cc11b440a66c3cd9ae7fbc0e85db18

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/maverick-updates 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 6f48e22a59b24ffba49b9f3c6d1db685a66b3a5a

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/maverick-security 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 6f48e22a59b24ffba49b9f3c6d1db685a66b3a5a

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/natty-updates 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-secu...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 78852854add8dc1c9e870e4c1176e7b67674ff8f
Unapplied parent: 51bc6f22c0df03a44cf5b2bc3736cef2260ef23c

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/natty-security 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-secu...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 78852854add8dc1c9e870e4c1176e7b67674ff8f
Unapplied parent: 51bc6f22c0df03a44cf5b2bc3736cef2260ef23c

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/natty-devel 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-secu...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 78852854add8dc1c9e870e4c1176e7b67674ff8f
Unapplied parent: 51bc6f22c0df03a44cf5b2bc3736cef2260ef23c

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/natty-updates 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 39bb9af2f1cc11b440a66c3cd9ae7fbc0e85db18

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/natty-security 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 39bb9af2f1cc11b440a66c3cd9ae7fbc0e85db18

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/precise 2012-02-13 01:33:37 UTC 2012-02-13
Import patches-applied version 2.2.22-1ubuntu1 to applied/ubuntu/precise

Author: Chuck Short
Author Date: 2012-02-13 01:06:35 UTC

Import patches-applied version 2.2.22-1ubuntu1 to applied/ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: d18a1c6f998ad74e03b8038502e8190c3dd034f6
Unapplied parent: a1fd8cdeb56a80478aaf13890d9dd9e2d7b2e8f9

New changelog entries:
  * Merge from Debian testing. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

ubuntu/precise 2012-02-13 01:33:37 UTC 2012-02-13
Import patches-unapplied version 2.2.22-1ubuntu1 to ubuntu/precise

Author: Chuck Short
Author Date: 2012-02-13 01:06:35 UTC

Import patches-unapplied version 2.2.22-1ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 065234ee30b7351aa0a72730a5e57cb0a700c412

New changelog entries:
  * Merge from Debian testing. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

applied/ubuntu/oneiric 2011-09-06 19:04:10 UTC 2011-09-06
Import patches-applied version 2.2.20-1ubuntu1 to applied/ubuntu/oneiric

Author: Steve Beattie
Author Date: 2011-09-06 08:17:15 UTC

Import patches-applied version 2.2.20-1ubuntu1 to applied/ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: de2716403366616cc98729e992da2a15738b7d84
Unapplied parent: 763661c86389830015f1f3640b02679c824b8b71

New changelog entries:
  * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
    Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

ubuntu/oneiric 2011-09-06 19:04:10 UTC 2011-09-06
Import patches-unapplied version 2.2.20-1ubuntu1 to ubuntu/oneiric

Author: Steve Beattie
Author Date: 2011-09-06 08:17:15 UTC

Import patches-unapplied version 2.2.20-1ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: dedd18e27f7852e11855d1c115fefc9e41b6d6ee

New changelog entries:
  * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
    Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

ubuntu/dapper-updates 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 16b6c1f1bbcc39e4f5b819010e159108725dfd63

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

applied/ubuntu/dapper-devel 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-se...

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 85c1fca4c390daf18dd89f223c418980c8086e6e
Unapplied parent: d11cd8703a735152c01a45267ea31dc7ede906fb

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

ubuntu/dapper-security 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 16b6c1f1bbcc39e4f5b819010e159108725dfd63

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

ubuntu/dapper-devel 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 16b6c1f1bbcc39e4f5b819010e159108725dfd63

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

applied/ubuntu/dapper-updates 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-se...

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 85c1fca4c390daf18dd89f223c418980c8086e6e
Unapplied parent: d11cd8703a735152c01a45267ea31dc7ede906fb

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

applied/ubuntu/dapper-security 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-se...

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 85c1fca4c390daf18dd89f223c418980c8086e6e
Unapplied parent: d11cd8703a735152c01a45267ea31dc7ede906fb

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

ubuntu/natty 2011-02-22 19:04:48 UTC 2011-02-22
Import patches-unapplied version 2.2.17-1ubuntu1 to ubuntu/natty

Author: Chuck Short
Author Date: 2011-02-22 18:02:08 UTC

Import patches-unapplied version 2.2.17-1ubuntu1 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 37cf083701f3d38635c36b384e5c8e970ba8c2db

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

applied/ubuntu/natty 2011-02-22 19:04:48 UTC 2011-02-22
Import patches-applied version 2.2.17-1ubuntu1 to applied/ubuntu/natty

Author: Chuck Short
Author Date: 2011-02-22 18:02:08 UTC

Import patches-applied version 2.2.17-1ubuntu1 to applied/ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 1d02b5d53c525117ffe6be70b2b615be1aa92ad0
Unapplied parent: 23e21140f7d367afcc848c0fb823761a6aa5955d

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

101200 of 284 results

Other repositories

Name Last Modified
lp:ubuntu/+source/apache2 2018-10-15
lp:~ahasenack/ubuntu/+source/apache2 2018-10-10
lp:~nacc/ubuntu/+source/apache2 2017-07-27
lp:~evarlast/ubuntu/+source/apache2 2016-11-30
14 of 4 results
You can't create new repositories for apache2 in Ubuntu.