Branches for Gutsy

Author: LaMont Jones
Revision Date: 2007-10-04 11:58:34 UTC

Trigger rebuild for hppa

Author: Marc Deslauriers
Revision Date: 2009-03-05 15:54:32 UTC

[ Emanuele Gentili ]
* SECURITY UPDATE:
 + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
  - The ap_proxy_http_process_response function in mod_proxy_http.c
    in the mod_proxy module does not limit the number of forwarded
    interim responses, which allows remote HTTP servers to cause a
    denial of service (memory consumption) via a large number of
    interim responses.
 + References
  - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

[ Marc Deslauriers ]
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
  Entity Too Large" error message
  - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
    messages in modules/http/http_protocol.c.
  - CVE-2007-6203
* SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
  mod_proxy_balancer
  - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
    modules/proxy/mod_proxy_balancer.c.
  - CVE-2007-6420
* SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
  function (LP: #224945)
  - debian/patches/109_CVE-2008-1678.dpatch: don't call
    CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
  - CVE-2008-1678
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
  URLs
  - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
    modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
    modules/proxy/mod_proxy_balancer.c.
  - CVE-2008-2168
* SECURITY UPDATE: Denial of service via large number of interim responses in
  mod_proxy module (LP: #239894)
  - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
  - CVE-2008-2364
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
  mod_proxy_ftp module
  - debian/patches/112_CVE-2008-2939.dpatch: escape the html
    contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
  - CVE-2008-2939

Author: Marc Deslauriers
Revision Date: 2009-03-05 15:54:32 UTC

[ Emanuele Gentili ]
* SECURITY UPDATE:
 + debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
  - The ap_proxy_http_process_response function in mod_proxy_http.c
    in the mod_proxy module does not limit the number of forwarded
    interim responses, which allows remote HTTP servers to cause a
    denial of service (memory consumption) via a large number of
    interim responses.
 + References
  - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

[ Marc Deslauriers ]
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in "413 Request
  Entity Too Large" error message
  - debian/patches/107_CVE-2007-6203.dpatch: properly escape some error
    messages in modules/http/http_protocol.c.
  - CVE-2007-6203
* SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
  mod_proxy_balancer
  - debian/patches/108_CVE-2007-6420.dpatch: generate and validate a nonce in
    modules/proxy/mod_proxy_balancer.c.
  - CVE-2007-6420
* SECURITY UPDATE: Denial of service via memory leak in the zlib_stateful_init
  function (LP: #224945)
  - debian/patches/109_CVE-2008-1678.dpatch: don't call
    CRYPTO_cleanup_all_ex_data in modules/ssl/mod_ssl.c.
  - CVE-2008-1678
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability via UTF-7 encoded
  URLs
  - debian/patches/110_CVE-2008-2168.dpatch: specify a default charset in
    modules/dav/main/mod_dav.c, modules/generators/mod_info.c and
    modules/proxy/mod_proxy_balancer.c.
  - CVE-2008-2168
* SECURITY UPDATE: Denial of service via large number of interim responses in
  mod_proxy module (LP: #239894)
  - debian/patches/111_CVE-2008-2364.dpatch: updated patch to newer version.
  - CVE-2008-2364
* SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
  mod_proxy_ftp module
  - debian/patches/112_CVE-2008-2939.dpatch: escape the html
    contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
  - CVE-2008-2939