View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
ubuntu/lucid-proposed 2012-03-05 16:46:26 UTC 2012-03-05
Import patches-unapplied version 2.2.14-5ubuntu8.9 to ubuntu/lucid-proposed

Author: Chuck Short
Author Date: 2012-03-02 19:43:08 UTC

Import patches-unapplied version 2.2.14-5ubuntu8.9 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 321ce80ba02b4bee9b7dd2a7fa627ebbbfd7fb47

New changelog entries:
  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix webdav permissions,
    backported from trunk Thanks to James M. Leady (LP: #540747)

applied/ubuntu/lucid-proposed 2012-03-05 16:46:26 UTC 2012-03-05
Import patches-applied version 2.2.14-5ubuntu8.9 to applied/ubuntu/lucid-prop...

Author: Chuck Short
Author Date: 2012-03-02 19:43:08 UTC

Import patches-applied version 2.2.14-5ubuntu8.9 to applied/ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 1457137394dd8b69217f824c0c7a3fd4fb625d3a
Unapplied parent: 8a2507ff90f4c78a963f79a94e96cac3ba7b362c

New changelog entries:
  * debian/patches/99-fix-mod-dav-permissions.dpatch: Fix webdav permissions,
    backported from trunk Thanks to James M. Leady (LP: #540747)

applied/ubuntu/maverick-security 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-s...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 4609e29e87fddf400ee403abd966ba453d929e39
Unapplied parent: a7120f274fd758c22f992933f6e3a093cb978095

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/natty-security 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 39bb9af2f1cc11b440a66c3cd9ae7fbc0e85db18

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/natty-updates 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-secu...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 78852854add8dc1c9e870e4c1176e7b67674ff8f
Unapplied parent: 51bc6f22c0df03a44cf5b2bc3736cef2260ef23c

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/maverick-devel 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-s...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 4609e29e87fddf400ee403abd966ba453d929e39
Unapplied parent: a7120f274fd758c22f992933f6e3a093cb978095

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/natty-devel 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 39bb9af2f1cc11b440a66c3cd9ae7fbc0e85db18

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/maverick-updates 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 6f48e22a59b24ffba49b9f3c6d1db685a66b3a5a

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/maverick-security 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 6f48e22a59b24ffba49b9f3c6d1db685a66b3a5a

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/natty-security 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-secu...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 78852854add8dc1c9e870e4c1176e7b67674ff8f
Unapplied parent: 51bc6f22c0df03a44cf5b2bc3736cef2260ef23c

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/natty-devel 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-secu...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-applied version 2.2.17-1ubuntu1.5 to applied/ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 78852854add8dc1c9e870e4c1176e7b67674ff8f
Unapplied parent: 51bc6f22c0df03a44cf5b2bc3736cef2260ef23c

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

applied/ubuntu/maverick-updates 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-s...

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-applied version 2.2.16-1ubuntu3.5 to applied/ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 4609e29e87fddf400ee403abd966ba453d929e39
Unapplied parent: a7120f274fd758c22f992933f6e3a093cb978095

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/maverick-devel 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:11:29 UTC

Import patches-unapplied version 2.2.16-1ubuntu3.5 to ubuntu/maverick-security

Imported using git-ubuntu import.

Changelog parent: 6f48e22a59b24ffba49b9f3c6d1db685a66b3a5a

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/natty-updates 2012-02-16 19:36:55 UTC 2012-02-16
Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Author: Marc Deslauriers
Author Date: 2012-02-14 15:02:26 UTC

Import patches-unapplied version 2.2.17-1ubuntu1.5 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 39bb9af2f1cc11b440a66c3cd9ae7fbc0e85db18

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
    directive (LP: #811422)
    - debian/patches/215_CVE-2011-3607.dpatch: validate length in
      server/util.c.
    - CVE-2011-3607
  * SECURITY UPDATE: another mod_proxy reverse proxy exposure
    - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in
      modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
      server/protocol.c.
    - CVE-2011-4317
  * SECURITY UPDATE: denial of service via invalid cookie
    - debian/patches/217_CVE-2012-0021.dpatch: check name and value in
      modules/loggers/mod_log_config.c.
    - CVE-2012-0021
  * SECURITY UPDATE: denial of service and possible code execution via
    type field modification within a scoreboard shared memory segment
    - debian/patches/218_CVE-2012-0031.dpatch: check type field in
      server/scoreboard.c.
    - CVE-2012-0031
  * SECURITY UPDATE: cookie disclosure via Bad Request errors
    - debian/patches/219_CVE-2012-0053.dpatch: check lengths in
      server/protocol.c.
    - CVE-2012-0053

ubuntu/precise 2012-02-13 01:33:37 UTC 2012-02-13
Import patches-unapplied version 2.2.22-1ubuntu1 to ubuntu/precise

Author: Chuck Short
Author Date: 2012-02-13 01:06:35 UTC

Import patches-unapplied version 2.2.22-1ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 065234ee30b7351aa0a72730a5e57cb0a700c412

New changelog entries:
  * Merge from Debian testing. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

applied/ubuntu/precise 2012-02-13 01:33:37 UTC 2012-02-13
Import patches-applied version 2.2.22-1ubuntu1 to applied/ubuntu/precise

Author: Chuck Short
Author Date: 2012-02-13 01:06:35 UTC

Import patches-applied version 2.2.22-1ubuntu1 to applied/ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: d18a1c6f998ad74e03b8038502e8190c3dd034f6
Unapplied parent: a1fd8cdeb56a80478aaf13890d9dd9e2d7b2e8f9

New changelog entries:
  * Merge from Debian testing. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

applied/ubuntu/oneiric 2011-09-06 19:04:10 UTC 2011-09-06
Import patches-applied version 2.2.20-1ubuntu1 to applied/ubuntu/oneiric

Author: Steve Beattie
Author Date: 2011-09-06 08:17:15 UTC

Import patches-applied version 2.2.20-1ubuntu1 to applied/ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: de2716403366616cc98729e992da2a15738b7d84
Unapplied parent: 763661c86389830015f1f3640b02679c824b8b71

New changelog entries:
  * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
    Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

ubuntu/oneiric 2011-09-06 19:04:10 UTC 2011-09-06
Import patches-unapplied version 2.2.20-1ubuntu1 to ubuntu/oneiric

Author: Steve Beattie
Author Date: 2011-09-06 08:17:15 UTC

Import patches-unapplied version 2.2.20-1ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: dedd18e27f7852e11855d1c115fefc9e41b6d6ee

New changelog entries:
  * Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
    Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

applied/ubuntu/dapper-security 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-se...

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 85c1fca4c390daf18dd89f223c418980c8086e6e
Unapplied parent: d11cd8703a735152c01a45267ea31dc7ede906fb

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

ubuntu/dapper-updates 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 16b6c1f1bbcc39e4f5b819010e159108725dfd63

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

applied/ubuntu/dapper-devel 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-se...

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 85c1fca4c390daf18dd89f223c418980c8086e6e
Unapplied parent: d11cd8703a735152c01a45267ea31dc7ede906fb

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

ubuntu/dapper-devel 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 16b6c1f1bbcc39e4f5b819010e159108725dfd63

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

ubuntu/dapper-security 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-unapplied version 2.0.55-4ubuntu2.13 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 16b6c1f1bbcc39e4f5b819010e159108725dfd63

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

applied/ubuntu/dapper-updates 2011-05-24 19:05:06 UTC 2011-05-24
Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-se...

Author: Steve Beattie
Author Date: 2011-05-23 04:17:32 UTC

Import patches-applied version 2.0.55-4ubuntu2.13 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 85c1fca4c390daf18dd89f223c418980c8086e6e
Unapplied parent: d11cd8703a735152c01a45267ea31dc7ede906fb

New changelog entries:
  * SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
    apache's mod_index
    - debian/patches/122_fnmatch_CVE-2011-0419.patch: rewrite
      apr_fnmatch to have a better time bounds on execution.
    - CVE-2011-0419
    - debian/patches/123_fnmatch_CVE-2011-1928.patch: fix possible
      DoS introduced by patch for CVE-2011-0419.
    - CVE-2011-1928

applied/ubuntu/natty 2011-02-22 19:04:48 UTC 2011-02-22
Import patches-applied version 2.2.17-1ubuntu1 to applied/ubuntu/natty

Author: Chuck Short
Author Date: 2011-02-22 18:02:08 UTC

Import patches-applied version 2.2.17-1ubuntu1 to applied/ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 1d02b5d53c525117ffe6be70b2b615be1aa92ad0
Unapplied parent: 23e21140f7d367afcc848c0fb823761a6aa5955d

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

ubuntu/natty 2011-02-22 19:04:48 UTC 2011-02-22
Import patches-unapplied version 2.2.17-1ubuntu1 to ubuntu/natty

Author: Chuck Short
Author Date: 2011-02-22 18:02:08 UTC

Import patches-unapplied version 2.2.17-1ubuntu1 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 37cf083701f3d38635c36b384e5c8e970ba8c2db

New changelog entries:
  * Merge from debian unstable, remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debain/apache2.py, debian/apache2.2-common.isntall: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

ubuntu/karmic-security 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 127012bd39547f715ee6dfd6ea22a5606135fb59

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

applied/ubuntu/karmic-updates 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-sec...

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 6637b4d10caa1726dfa0acabe399a19489a2a9ff
Unapplied parent: f226f6e547f54842f975ce274d80d0922513dfc7

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

ubuntu/karmic-devel 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 127012bd39547f715ee6dfd6ea22a5606135fb59

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

applied/ubuntu/karmic-security 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-sec...

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 6637b4d10caa1726dfa0acabe399a19489a2a9ff
Unapplied parent: f226f6e547f54842f975ce274d80d0922513dfc7

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

applied/ubuntu/karmic-devel 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-sec...

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-applied version 2.2.12-1ubuntu2.4 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 6637b4d10caa1726dfa0acabe399a19489a2a9ff
Unapplied parent: f226f6e547f54842f975ce274d80d0922513dfc7

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

ubuntu/karmic-updates 2010-11-25 15:07:22 UTC 2010-11-25
Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Author: Marc Deslauriers
Author Date: 2010-11-18 19:02:43 UTC

Import patches-unapplied version 2.2.12-1ubuntu2.4 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 127012bd39547f715ee6dfd6ea22a5606135fb59

New changelog entries:
  * SECURITY UPDATE: denial of service via request that lacks a path in
    mod_dav.
    - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
      modules/dav/main/util.c.
    - CVE-2010-1452

applied/ubuntu/maverick 2010-09-08 13:05:06 UTC 2010-09-08
Import patches-applied version 2.2.16-1ubuntu3 to applied/ubuntu/maverick

Author: Chuck Short
Author Date: 2010-09-08 12:33:17 UTC

Import patches-applied version 2.2.16-1ubuntu3 to applied/ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: bcac3a866040467a0173ad7e9bc34845f6cb8af7
Unapplied parent: 698beff61f7f53f5cc840b6e42f8411576a62476

New changelog entries:
  * Revert "stty sane" to unbreak apache starting, this will have to be
    fixed a different way. (LP: #626723)

ubuntu/maverick 2010-09-08 13:05:06 UTC 2010-09-08
Import patches-unapplied version 2.2.16-1ubuntu3 to ubuntu/maverick

Author: Chuck Short
Author Date: 2010-09-08 12:33:17 UTC

Import patches-unapplied version 2.2.16-1ubuntu3 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: bf96f9f345f8eaead2197f8aa6f009f8e734616e

New changelog entries:
  * Revert "stty sane" to unbreak apache starting, this will have to be
    fixed a different way. (LP: #626723)

ubuntu/jaunty-devel 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: fb2d42af1aabbf1cff23730ab5c58a108248496d

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/jaunty-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: fb2d42af1aabbf1cff23730ab5c58a108248496d

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/jaunty-security 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: fb2d42af1aabbf1cff23730ab5c58a108248496d

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/jaunty-updates 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-unapplied version 2.2.11-2ubuntu2.7 to ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: fb2d42af1aabbf1cff23730ab5c58a108248496d

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/karmic-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.12-1ubuntu2.3 to ubuntu/karmic-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:26:28 UTC

Import patches-unapplied version 2.2.12-1ubuntu2.3 to ubuntu/karmic-proposed

Imported using git-ubuntu import.

Changelog parent: 13954a81aa335ad0d4b231e1e739f6e8de23c9c5

New changelog entries:
  * debian/patches/905_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/karmic-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.12-1ubuntu2.3 to applied/ubuntu/karmic-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:26:28 UTC

Import patches-applied version 2.2.12-1ubuntu2.3 to applied/ubuntu/karmic-proposed

Imported using git-ubuntu import.

Changelog parent: a0acbc26df3eb9043b5319aa7cf5049013433222
Unapplied parent: 127012bd39547f715ee6dfd6ea22a5606135fb59

New changelog entries:
  * debian/patches/905_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/jaunty-security 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 91df1a1d4dd5b778ed27f4f80bc9967848ce0d40
Unapplied parent: f95aac7b5f9faa41bc9af5a780d53d6dbe36b9aa

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/jaunty-updates 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 91df1a1d4dd5b778ed27f4f80bc9967848ce0d40
Unapplied parent: f95aac7b5f9faa41bc9af5a780d53d6dbe36b9aa

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/hardy-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.8-1ubuntu0.18 to applied/ubuntu/hardy-prop...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:39:40 UTC

Import patches-applied version 2.2.8-1ubuntu0.18 to applied/ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 86abb22bfb07bcbf7a27b20fc19b8b45d19314d4
Unapplied parent: a1c613e4d207fad0abec1313eded87fea53bd0f6

New changelog entries:
  * debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/hardy-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.2.8-1ubuntu0.18 to ubuntu/hardy-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:39:40 UTC

Import patches-unapplied version 2.2.8-1ubuntu0.18 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 8b3c081cadf968b86a70d8f2fbefadee514866a7

New changelog entries:
  * debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/dapper-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.0.55-4ubuntu2.11 to applied/ubuntu/dapper-pr...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:44:28 UTC

Import patches-applied version 2.0.55-4ubuntu2.11 to applied/ubuntu/dapper-proposed

Imported using git-ubuntu import.

Changelog parent: ffb519603d1e2444f7eacc502535e97c43483b1f
Unapplied parent: 4e5592ed216a92217fbd2ce44714f66e3eac0635

New changelog entries:
  * debian/patches/119_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/jaunty-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 91df1a1d4dd5b778ed27f4f80bc9967848ce0d40
Unapplied parent: f95aac7b5f9faa41bc9af5a780d53d6dbe36b9aa

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

ubuntu/dapper-proposed 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-unapplied version 2.0.55-4ubuntu2.11 to ubuntu/dapper-proposed

Author: Marc Deslauriers
Author Date: 2010-08-16 17:44:28 UTC

Import patches-unapplied version 2.0.55-4ubuntu2.11 to ubuntu/dapper-proposed

Imported using git-ubuntu import.

Changelog parent: 95df84831771120eff0091a6351b027d2cce933f

New changelog entries:
  * debian/patches/119_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/jaunty-devel 2010-08-18 21:05:45 UTC 2010-08-18
Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-pro...

Author: Marc Deslauriers
Author Date: 2010-08-16 17:34:47 UTC

Import patches-applied version 2.2.11-2ubuntu2.7 to applied/ubuntu/jaunty-proposed

Imported using git-ubuntu import.

Changelog parent: 91df1a1d4dd5b778ed27f4f80bc9967848ce0d40
Unapplied parent: f95aac7b5f9faa41bc9af5a780d53d6dbe36b9aa

New changelog entries:
  * debian/patches/909_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

applied/ubuntu/lucid 2010-04-13 20:04:43 UTC 2010-04-13
Import patches-applied version 2.2.14-5ubuntu8 to applied/ubuntu/lucid

Author: Chuck Short
Author Date: 2010-04-13 19:09:57 UTC

Import patches-applied version 2.2.14-5ubuntu8 to applied/ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 0e0b74d6c696e7faa23df68b9461cf10722d7159
Unapplied parent: d4c5988222b32205a5ed099a75ebac9a5f2eff1f

New changelog entries:
  * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
    (LP: #562370)

ubuntu/lucid 2010-04-13 20:04:43 UTC 2010-04-13
Import patches-unapplied version 2.2.14-5ubuntu8 to ubuntu/lucid

Author: Chuck Short
Author Date: 2010-04-13 19:09:57 UTC

Import patches-unapplied version 2.2.14-5ubuntu8 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: e88e7548956882dbd14a37178a89f8a3ca31d00c

New changelog entries:
  * debian/patches/210-backport-mod-reqtimeout-ftbfs.dpatch: Add missing mod_reqtime.so
    (LP: #562370)

ubuntu/intrepid-devel 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: a32a90c80c96a0f94717360fbda9195e763f2113

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

ubuntu/intrepid-updates 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: a32a90c80c96a0f94717360fbda9195e763f2113

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

applied/ubuntu/intrepid-updates 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-se...

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: f2162c0b1f1c5b4a9ddf8d3cf15b6b6656e46253
Unapplied parent: 2c9dfbeb8e05cdff78702a1fc67f3a9dd3ca02e3

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

applied/ubuntu/intrepid-security 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-se...

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: f2162c0b1f1c5b4a9ddf8d3cf15b6b6656e46253
Unapplied parent: 2c9dfbeb8e05cdff78702a1fc67f3a9dd3ca02e3

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

ubuntu/intrepid-security 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-unapplied version 2.2.9-7ubuntu3.6 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: a32a90c80c96a0f94717360fbda9195e763f2113

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

applied/ubuntu/intrepid-devel 2010-03-10 19:05:56 UTC 2010-03-10
Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-se...

Author: Marc Deslauriers
Author Date: 2010-03-08 16:29:11 UTC

Import patches-applied version 2.2.9-7ubuntu3.6 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: f2162c0b1f1c5b4a9ddf8d3cf15b6b6656e46253
Unapplied parent: 2c9dfbeb8e05cdff78702a1fc67f3a9dd3ca02e3

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
    - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
      in modules/proxy/mod_proxy_ajp.c.
    - CVE-2010-0408
  * SECURITY UPDATE: information disclosure via improper handling of
    headers in subrequests
    - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
      in server/protocol.c.
    - CVE-2010-0434

ubuntu/karmic 2009-08-18 13:07:47 UTC 2009-08-18
Import patches-unapplied version 2.2.12-1ubuntu2 to ubuntu/karmic

Author: Marc Deslauriers
Author Date: 2009-08-17 19:38:47 UTC

Import patches-unapplied version 2.2.12-1ubuntu2 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 5ca210feb52a9e8bad5baf8a40bb945a89efffa3

New changelog entries:
  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
    - Fix potential segfaults with the use of the legacy ap_rputs() etc
      interfaces, in cases where an output filter fails. This happens
      frequently after CVE-2009-1891 got fixed. (LP: #409987)

applied/ubuntu/karmic 2009-08-18 13:07:47 UTC 2009-08-18
Import patches-applied version 2.2.12-1ubuntu2 to applied/ubuntu/karmic

Author: Marc Deslauriers
Author Date: 2009-08-17 19:38:47 UTC

Import patches-applied version 2.2.12-1ubuntu2 to applied/ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: be4df96feb99f72efe9b7ac2e8cc0a0b66eec3b6
Unapplied parent: 9baa6feafe35bcabc50e3e34c81f474dec7e177f

New changelog entries:
  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
    - Fix potential segfaults with the use of the legacy ap_rputs() etc
      interfaces, in cases where an output filter fails. This happens
      frequently after CVE-2009-1891 got fixed. (LP: #409987)

applied/ubuntu/jaunty 2009-04-01 16:05:05 UTC 2009-04-01
Import patches-applied version 2.2.11-2ubuntu2 to applied/ubuntu/jaunty

Author: Chuck Short
Author Date: 2009-04-01 15:39:17 UTC

Import patches-applied version 2.2.11-2ubuntu2 to applied/ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 13ca37070e962a04d3e4a99523e70a314c1b3da3
Unapplied parent: 48b64ed4248d9ffabcf14bf039d885fb914d0fe5

New changelog entries:
  * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
    Fix timefmt is ignored when XBitHack is on. (LP: #258914)

ubuntu/jaunty 2009-04-01 16:05:05 UTC 2009-04-01
Import patches-unapplied version 2.2.11-2ubuntu2 to ubuntu/jaunty

Author: Chuck Short
Author Date: 2009-04-01 15:39:17 UTC

Import patches-unapplied version 2.2.11-2ubuntu2 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 668af5cd6f59b4f45e2edea67a8689a0162098dd

New changelog entries:
  * debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
    Fix timefmt is ignored when XBitHack is on. (LP: #258914)

ubuntu/gutsy-devel 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: e3d2f30873054bc28de3565308d08255d99f9e55

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

ubuntu/gutsy-updates 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: e3d2f30873054bc28de3565308d08255d99f9e55

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

ubuntu/gutsy-security 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-unapplied version 2.2.4-3ubuntu0.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: e3d2f30873054bc28de3565308d08255d99f9e55

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

applied/ubuntu/gutsy-devel 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 9623b27f7e25eac96d7cd22ec8b49f204fc15449
Unapplied parent: 2c3bb07664e86270a3ae0fedbb2d794488e93d19

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

applied/ubuntu/gutsy-security 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 9623b27f7e25eac96d7cd22ec8b49f204fc15449
Unapplied parent: 2c3bb07664e86270a3ae0fedbb2d794488e93d19

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

applied/ubuntu/gutsy-updates 2009-03-10 14:04:44 UTC 2009-03-10
Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Author: Marc Deslauriers
Author Date: 2009-03-05 20:54:32 UTC

Import patches-applied version 2.2.4-3ubuntu0.2 to applied/ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 9623b27f7e25eac96d7cd22ec8b49f204fc15449
Unapplied parent: 2c3bb07664e86270a3ae0fedbb2d794488e93d19

New changelog entries:
  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
    Entity Too Large" error message
    - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
      messages in modules/http/http_protocol.c.
    - CVE-2007-6203
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
    function (LP: #224945)
    - debian/patches/109_CVE-2008-1678.dpatch: don't call
      CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
    - CVE-2008-1678
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
    URLs
    - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
      modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
      modules/proxy/mod_proxy_balancer.c.
    - CVE-2008-2168
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/112_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

ubuntu/intrepid 2008-09-19 14:04:27 UTC 2008-09-19
Import patches-unapplied version 2.2.9-7ubuntu3 to ubuntu/intrepid

Author: Chuck Short
Author Date: 2008-09-19 13:32:01 UTC

Import patches-unapplied version 2.2.9-7ubuntu3 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 4afa2bfdc6f4ba86beb9197b65a7efea65e77577

New changelog entries:
  * Revert logrotate change since it will break it for everyone.

applied/ubuntu/intrepid 2008-09-19 14:04:27 UTC 2008-09-19
Import patches-applied version 2.2.9-7ubuntu3 to applied/ubuntu/intrepid

Author: Chuck Short
Author Date: 2008-09-19 13:32:01 UTC

Import patches-applied version 2.2.9-7ubuntu3 to applied/ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 229131ec49ebc9173ac7d9c7256ba4a7e94ca7a2
Unapplied parent: 28aafa174cfe9e80d3b0c0c58721d7869a934020

New changelog entries:
  * Revert logrotate change since it will break it for everyone.

applied/ubuntu/feisty-updates 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-se...

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 513b7b836766f50e6c6f0e1d7a0c9d88af64ddca
Unapplied parent: 512209951546724be6b43e232d425161d5beec51

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

ubuntu/feisty-updates 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c722ce8f6171104a61381f9cb31b6758e5c99b67

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

ubuntu/feisty-security 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c722ce8f6171104a61381f9cb31b6758e5c99b67

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

ubuntu/feisty-devel 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-unapplied version 2.2.3-3.2ubuntu2.1 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: c722ce8f6171104a61381f9cb31b6758e5c99b67

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

ubuntu/edgy-updates 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 5d98d74dffb1fcecd38db17441be3905be52e6e7

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

ubuntu/edgy-security 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 5d98d74dffb1fcecd38db17441be3905be52e6e7

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

ubuntu/edgy-devel 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-unapplied version 2.0.55-4ubuntu4.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 5d98d74dffb1fcecd38db17441be3905be52e6e7

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

applied/ubuntu/feisty-security 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-se...

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 513b7b836766f50e6c6f0e1d7a0c9d88af64ddca
Unapplied parent: 512209951546724be6b43e232d425161d5beec51

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

applied/ubuntu/feisty-devel 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-se...

Author: Jamie Strandboge
Author Date: 2008-01-29 17:34:21 UTC

Import patches-applied version 2.2.3-3.2ubuntu2.1 to applied/ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: 513b7b836766f50e6c6f0e1d7a0c9d88af64ddca
Unapplied parent: 512209951546724be6b43e232d425161d5beec51

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.dpatch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.dpatch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imagemap
  * debian/patches/102_CVE-2007-5000.dpatch: fix for mod_imagemap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.dpatch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_balancer
  * debian/patches/104_CVE-2007-6421.dpatch: fix for mod_proxy_balancer.c to
    use ap_escape_html()
  * SECURITY UPDATE: denial of service (application crash) in
    mod_proxy_balancer when MPM is used
  * debian/patches/105_CVE-2007-6422.dpatch: fix for /mod_proxy_balancer.c to
    check bsel is non-NULL
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_proxy_ftp when
    charset is not defined
  * debian/patches/106_CVE-2008-0005.dpatch: fix for mod_proxy_ftp.c to define
    a charset
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2007-6421
    CVE-2007-6422
    CVE-2008-0005

applied/ubuntu/edgy-updates 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: d5602f3f558d7b5e6e33572a67da6fa654c09873
Unapplied parent: b6801bf2725e35df32faa73b2d574070d86afc19

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

applied/ubuntu/edgy-security 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: d5602f3f558d7b5e6e33572a67da6fa654c09873
Unapplied parent: b6801bf2725e35df32faa73b2d574070d86afc19

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

applied/ubuntu/edgy-devel 2008-02-04 22:04:51 UTC 2008-02-04
Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Author: Jamie Strandboge
Author Date: 2008-01-29 20:12:00 UTC

Import patches-applied version 2.0.55-4ubuntu4.2 to applied/ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: d5602f3f558d7b5e6e33572a67da6fa654c09873
Unapplied parent: b6801bf2725e35df32faa73b2d574070d86afc19

New changelog entries:
  * SECURITY UPDATE: denial of service (application crash) when using
    mod_proxy in threaded MPM via crafted date headers.
  * debian/patches/100_CVE-2007-3847.patch: fix proxy_util.c to use
    apr_date_parse_http() and apr_rfc822_date()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_autoindex.c
    when charset not defined
  * debian/patches/101_CVE-2007-4465.patch: fix mod_autoindex.c to properly
    check for and use charset
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_imap
  * debian/patches/102_CVE-2007-5000.patch: fix for mod_imap.c to use
    ap_escape_html()
  * SECURITY UPDATE: cross-site scripting vulnerability in mod_status when
    server-status is enabled
  * debian/patches/103_CVE-2007-6388.patch: fix for mod_status.c to properly
    setup table
  * SECURITY UPDATE: cross-site scripting vulnerability in proxy_ftp when
    charset is not defined
  * debian/patches/104_CVE-2008-0005.patch: fix for proxy_ftp.c to define
    a charset
  * SECURITY UPDATE: cross-site scripting vulnerability in Expect headers
  * debian/patches/105_CVE-2006-3918.patch: fix for http_protocol.c to use
    ap_escape_html()
  * References
    CVE-2007-3847
    CVE-2007-4465
    CVE-2007-5000
    CVE-2007-6388
    CVE-2008-0005
    CVE-2006-3918

applied/ubuntu/hardy 2008-02-02 03:04:02 UTC 2008-02-02
Import patches-applied version 2.2.8-1 to applied/ubuntu/hardy

Author: Stefan Fritsch
Author Date: 2008-01-17 19:27:56 UTC

Import patches-applied version 2.2.8-1 to applied/ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: e98e9902ad1cb5eb6ca6d593b703aed2fe67f79d
Unapplied parent: 5504675a4ade3ec5a0ea8f0a0ca52a691eec2127

New changelog entries:
  * New upstream version:
    - Fixes cross-site scripting issues in
      o mod_imagemap (CVE-2007-5000)
      o mod_status (CVE-2007-6388)
      o mod_proxy_balancer's balancer manager (CVE-2007-6421)
    - Fixes a denial of service issue in mod_proxy_balancer's balancer manager
      (CVE-2007-6422).
    - Fixes mod_proxy URL encoding in error messages (closes: #337325).
    - Adds explicit charset to the output of various modules to work around
      possible cross-site scripting flaws affecting web browsers that do not
      derive the response character set as required by RFC2616. For
      mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to
      specify something else than ISO-8859-1 (CVE-2008-0005).
    - Adds mod_substitute which performs inline response content pattern
      matching (including regex) and substitution (like mod_line_edit).
    - Adds "DefaultType none" option.
    - Adds new "B" option to RewriteRule to suppress URL unescaping.
    - Adds an "if" directive for mod_include to test whether an URL is
      accessible, and if so, conditionally display content.
    - Adds support for mod_ssl to the event MPM.
  * Move the configuration of User, Group, and PidFile to
    /etc/apache2/envvars. This makes it easier to use these settings in
    scripts. /etc/apache2/envvars can now also be used to influence apache2ctl
    (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085)
  * Make apache2ctl check the configuration syntax before trying to restart
    apache, to match the behaviour documented in the man page.
    (Closes: #459236)
  * Convert docs to be directly viewable with a browser (and not use content
    negotiation).
  * Add doc-base entry for the documentation. (closes: #311269)
  * Don't ship default files in /var/www, but copy a sample file to
    /var/www/index.html on new installs. Also remove the now unneeded
    RedirectMatch line from sites-available/default.
    (Closes: #411774, #458093)
  * Add some information to README.Debian (Apache wiki, default virtual host)
  * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
    dependencies, easing library transitions (closes: #458857).
  * Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode.
    Patch by Nicolas Valcárcel. (Closes: #436441)
  * Add reportbug script to list enabled modules.
  * Fix some lintian warnings:
    - Pass --no-start to dh_installinit instead of omitting the debhelper token
      in various maintainer scripts. Also move the update-rc.d call to
      apache2.2-common.
    - Add Short-Description to init script.
  * Remove unused apache2-mpm-prefork.prerm from source package and clean up
    debian/rules a bit.
  * Don't ship NEWS.Debian with apache2-utils, as the contents are only
    relevant for the server.

ubuntu/hardy 2008-02-02 03:04:02 UTC 2008-02-02
Import patches-unapplied version 2.2.8-1 to ubuntu/hardy

Author: Stefan Fritsch
Author Date: 2008-01-17 19:27:56 UTC

Import patches-unapplied version 2.2.8-1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 272a746d97189c54b5dadda77f4fec37a408e9bf

New changelog entries:
  * New upstream version:
    - Fixes cross-site scripting issues in
      o mod_imagemap (CVE-2007-5000)
      o mod_status (CVE-2007-6388)
      o mod_proxy_balancer's balancer manager (CVE-2007-6421)
    - Fixes a denial of service issue in mod_proxy_balancer's balancer manager
      (CVE-2007-6422).
    - Fixes mod_proxy URL encoding in error messages (closes: #337325).
    - Adds explicit charset to the output of various modules to work around
      possible cross-site scripting flaws affecting web browsers that do not
      derive the response character set as required by RFC2616. For
      mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to
      specify something else than ISO-8859-1 (CVE-2008-0005).
    - Adds mod_substitute which performs inline response content pattern
      matching (including regex) and substitution (like mod_line_edit).
    - Adds "DefaultType none" option.
    - Adds new "B" option to RewriteRule to suppress URL unescaping.
    - Adds an "if" directive for mod_include to test whether an URL is
      accessible, and if so, conditionally display content.
    - Adds support for mod_ssl to the event MPM.
  * Move the configuration of User, Group, and PidFile to
    /etc/apache2/envvars. This makes it easier to use these settings in
    scripts. /etc/apache2/envvars can now also be used to influence apache2ctl
    (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085)
  * Make apache2ctl check the configuration syntax before trying to restart
    apache, to match the behaviour documented in the man page.
    (Closes: #459236)
  * Convert docs to be directly viewable with a browser (and not use content
    negotiation).
  * Add doc-base entry for the documentation. (closes: #311269)
  * Don't ship default files in /var/www, but copy a sample file to
    /var/www/index.html on new installs. Also remove the now unneeded
    RedirectMatch line from sites-available/default.
    (Closes: #411774, #458093)
  * Add some information to README.Debian (Apache wiki, default virtual host)
  * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
    dependencies, easing library transitions (closes: #458857).
  * Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode.
    Patch by Nicolas Valcárcel. (Closes: #436441)
  * Add reportbug script to list enabled modules.
  * Fix some lintian warnings:
    - Pass --no-start to dh_installinit instead of omitting the debhelper token
      in various maintainer scripts. Also move the update-rc.d call to
      apache2.2-common.
    - Add Short-Description to init script.
  * Remove unused apache2-mpm-prefork.prerm from source package and clean up
    debian/rules a bit.
  * Don't ship NEWS.Debian with apache2-utils, as the contents are only
    relevant for the server.

ubuntu/feisty-proposed 2007-11-22 09:03:38 UTC 2007-11-22
Import patches-unapplied version 2.2.3-3.2ubuntu2 to ubuntu/feisty-proposed

Author: Mathias Gug
Author Date: 2007-11-21 21:55:25 UTC

Import patches-unapplied version 2.2.3-3.2ubuntu2 to ubuntu/feisty-proposed

Imported using git-ubuntu import.

Changelog parent: feefdc175424a2bba8748fe884fc8f7b18478a48

New changelog entries:
  * debian/apache2.2-common.init.d: make sure that /var/lock/apache2 is owned
    by www-data. Fixes LP: #129920.

applied/ubuntu/feisty-proposed 2007-11-22 09:03:38 UTC 2007-11-22
Import patches-applied version 2.2.3-3.2ubuntu2 to applied/ubuntu/feisty-prop...

Author: Mathias Gug
Author Date: 2007-11-21 21:55:25 UTC

Import patches-applied version 2.2.3-3.2ubuntu2 to applied/ubuntu/feisty-proposed

Imported using git-ubuntu import.

Changelog parent: dcf8e2ec19e0176c37b5dfd4159f3254020687a8
Unapplied parent: c722ce8f6171104a61381f9cb31b6758e5c99b67

New changelog entries:
  * debian/apache2.2-common.init.d: make sure that /var/lock/apache2 is owned
    by www-data. Fixes LP: #129920.

ubuntu/gutsy 2007-10-04 23:05:35 UTC 2007-10-04
Import patches-unapplied version 2.2.4-3build1 to ubuntu/gutsy

Author: LaMont Jones
Author Date: 2007-10-04 17:58:34 UTC

Import patches-unapplied version 2.2.4-3build1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 97ecbf9eaefe3e89bd6b5c775a2c7adf09d9aa16

New changelog entries:
  * Trigger rebuild for hppa

applied/ubuntu/gutsy 2007-10-04 23:05:35 UTC 2007-10-04
Import patches-applied version 2.2.4-3build1 to applied/ubuntu/gutsy

Author: LaMont Jones
Author Date: 2007-10-04 17:58:34 UTC

Import patches-applied version 2.2.4-3build1 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: ed76e69299be7410bc93aa3a5c2319e691e618dd
Unapplied parent: 007e0885d14fc0b3fb017dbc8f5aecb611035477

New changelog entries:
  * Trigger rebuild for hppa

ubuntu/feisty 2007-01-15 17:03:49 UTC 2007-01-15
Import patches-unapplied version 2.2.3-3.2build1 to ubuntu/feisty

Author: Martin Pitt
Author Date: 2007-01-15 16:10:39 UTC

Import patches-unapplied version 2.2.3-3.2build1 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: e560b75b498f68319346543fc68580d6b6933013

New changelog entries:
  * No-change upload for the libpq4->libpq5 transition.

applied/ubuntu/feisty 2007-01-15 17:03:49 UTC 2007-01-15
Import patches-applied version 2.2.3-3.2build1 to applied/ubuntu/feisty

Author: Martin Pitt
Author Date: 2007-01-15 16:10:39 UTC

Import patches-applied version 2.2.3-3.2build1 to applied/ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 348870c568f0ccba9ce1ceab45009c91addabf23
Unapplied parent: 6f85e15c72930581e490084cc2ff522b6ab684c3

New changelog entries:
  * No-change upload for the libpq4->libpq5 transition.

ubuntu/edgy 2006-09-27 16:03:13 UTC 2006-09-27
Import patches-unapplied version 2.0.55-4ubuntu4 to ubuntu/edgy

Author: Martin Pitt
Author Date: 2006-09-27 14:23:09 UTC

Import patches-unapplied version 2.0.55-4ubuntu4 to ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: a0b302a2ed0aee3fa4cce1f648db7352ec6790b6

New changelog entries:
  * Add debian/patches/054_restore_prefix_fix:
    - Fix autoconf macros to work with autoconf 2.60 (AC_CANONICAL_SYSTEM
      overwrites $@ in 2.60, see Debian bug #372179), so that the package
      builds again on recent Edgy.
    - Thanks to Daniel Schepler <schepler@math.berkeley.edu> for this patch
      (taken from Debian #374160)
    - Closes: LP#62242

applied/ubuntu/edgy 2006-09-27 16:03:13 UTC 2006-09-27
Import patches-applied version 2.0.55-4ubuntu4 to applied/ubuntu/edgy

Author: Martin Pitt
Author Date: 2006-09-27 14:23:09 UTC

Import patches-applied version 2.0.55-4ubuntu4 to applied/ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: 1b3d08b6e7b1b426ec787276c8a1a373e0c7859f
Unapplied parent: 893391ae39edf394545212af60eed7704580500e

New changelog entries:
  * Add debian/patches/054_restore_prefix_fix:
    - Fix autoconf macros to work with autoconf 2.60 (AC_CANONICAL_SYSTEM
      overwrites $@ in 2.60, see Debian bug #372179), so that the package
      builds again on recent Edgy.
    - Thanks to Daniel Schepler <schepler@math.berkeley.edu> for this patch
      (taken from Debian #374160)
    - Closes: LP#62242

applied/ubuntu/hoary-devel 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-applied version 2.0.53-5ubuntu5.6 to applied/ubuntu/hoary-secu...

Author: Martin Pitt
Author Date: 2006-07-26 07:20:37 UTC

Import patches-applied version 2.0.53-5ubuntu5.6 to applied/ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 657ecdcdcbf45caf67ed50afa297d5299082105b
Unapplied parent: 6908b2459e1534584bf62fc76c4c60fed0ff79aa

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

ubuntu/hoary-security 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-unapplied version 2.0.53-5ubuntu5.6 to ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2006-07-26 07:20:37 UTC

Import patches-unapplied version 2.0.53-5ubuntu5.6 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 3099455f859b99511d89df4f27f5cc597bd0f29b

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

applied/ubuntu/breezy-security 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-applied version 2.0.54-5ubuntu4.1 to applied/ubuntu/breezy-sec...

Author: Martin Pitt
Author Date: 2006-07-26 07:18:39 UTC

Import patches-applied version 2.0.54-5ubuntu4.1 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: bc8dec8fb8d5c02e5b19f12982865ad26bc99e06
Unapplied parent: 2e0bdf3ad9292466e60d2dcd8c63f62c50e6474e

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

applied/ubuntu/breezy-devel 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-applied version 2.0.54-5ubuntu4.1 to applied/ubuntu/breezy-sec...

Author: Martin Pitt
Author Date: 2006-07-26 07:18:39 UTC

Import patches-applied version 2.0.54-5ubuntu4.1 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: bc8dec8fb8d5c02e5b19f12982865ad26bc99e06
Unapplied parent: 2e0bdf3ad9292466e60d2dcd8c63f62c50e6474e

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

ubuntu/breezy-devel 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-unapplied version 2.0.54-5ubuntu4.1 to ubuntu/breezy-security

Author: Martin Pitt
Author Date: 2006-07-26 07:18:39 UTC

Import patches-unapplied version 2.0.54-5ubuntu4.1 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: b8faaf6c1917684cff7b4d15cbec148194d23458

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

ubuntu/hoary-devel 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-unapplied version 2.0.53-5ubuntu5.6 to ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2006-07-26 07:20:37 UTC

Import patches-unapplied version 2.0.53-5ubuntu5.6 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 3099455f859b99511d89df4f27f5cc597bd0f29b

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

applied/ubuntu/hoary-security 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-applied version 2.0.53-5ubuntu5.6 to applied/ubuntu/hoary-secu...

Author: Martin Pitt
Author Date: 2006-07-26 07:20:37 UTC

Import patches-applied version 2.0.53-5ubuntu5.6 to applied/ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 657ecdcdcbf45caf67ed50afa297d5299082105b
Unapplied parent: 6908b2459e1534584bf62fc76c4c60fed0ff79aa

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

ubuntu/breezy-security 2006-07-28 01:12:37 UTC 2006-07-28
Import patches-unapplied version 2.0.54-5ubuntu4.1 to ubuntu/breezy-security

Author: Martin Pitt
Author Date: 2006-07-26 07:18:39 UTC

Import patches-unapplied version 2.0.54-5ubuntu4.1 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: b8faaf6c1917684cff7b4d15cbec148194d23458

New changelog entries:
  * SECURITY UPDATE: Remote DoS, potential remote code execution.
  * Add debian/patches/053_mod_rewite_CVE-2006-3747:
    - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
    - Reported by Mark Dowd of McAfee Avert Labs.
    - CVE-2006-3747

applied/ubuntu/dapper 2006-05-29 01:06:38 UTC 2006-05-29
Import patches-applied version 2.0.55-4ubuntu2 to applied/ubuntu/dapper

Author: Adam Conrad
Author Date: 2006-05-26 10:12:28 UTC

Import patches-applied version 2.0.55-4ubuntu2 to applied/ubuntu/dapper

Imported using git-ubuntu import.

Changelog parent: 002805185e4e258976652ba495fa3ec5b93fdcc4
Unapplied parent: d7a8237e104dc0117991d1983f43cef255509076

New changelog entries:
  * Include patch from SVN HEAD to make sure LFS works on 64-bit platforms
    where sendfile() doesn't like dealing with anything larger than 32-bit
    chunks. Yes, Linux 2.6, I'm looking at you (see: launchpad.net/11850)

ubuntu/dapper 2006-05-29 01:06:38 UTC 2006-05-29
Import patches-unapplied version 2.0.55-4ubuntu2 to ubuntu/dapper

Author: Adam Conrad
Author Date: 2006-05-26 10:12:28 UTC

Import patches-unapplied version 2.0.55-4ubuntu2 to ubuntu/dapper

Imported using git-ubuntu import.

Changelog parent: b276d2c8d339ae0484867fa2442ba935dc3d45fd

New changelog entries:
  * Include patch from SVN HEAD to make sure LFS works on 64-bit platforms
    where sendfile() doesn't like dealing with anything larger than 32-bit
    chunks. Yes, Linux 2.6, I'm looking at you (see: launchpad.net/11850)

201300 of 310 results

Other repositories

Name Last Modified
lp:ubuntu/+source/apache2 2020-03-31
lp:~ahasenack/ubuntu/+source/apache2 2020-03-06
lp:~ddstreet/ubuntu/+source/apache2 2019-10-16
lp:~paelzer/ubuntu/+source/apache2 2019-09-09
lp:~nacc/ubuntu/+source/apache2 2017-07-27
lp:~evarlast/ubuntu/+source/apache2 2016-11-30
16 of 6 results
You can't create new repositories for apache2 in Ubuntu.