Branches for Hardy

Name Status Last Modified Last Commit
lp:ubuntu/hardy/apache2 2 Mature 2009-11-06 05:56:54 UTC 2009-11-06
26. * New upstream version: - Fixes cro...

Author: Stefan Fritsch
Revision Date: 2008-01-17 20:27:56 UTC

* New upstream version:
  - Fixes cross-site scripting issues in
    o mod_imagemap (CVE-2007-5000)
    o mod_status (CVE-2007-6388)
    o mod_proxy_balancer's balancer manager (CVE-2007-6421)
  - Fixes a denial of service issue in mod_proxy_balancer's balancer manager
    (CVE-2007-6422).
  - Fixes mod_proxy URL encoding in error messages (closes: #337325).
  - Adds explicit charset to the output of various modules to work around
    possible cross-site scripting flaws affecting web browsers that do not
    derive the response character set as required by RFC2616. For
    mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to
    specify something else than ISO-8859-1 (CVE-2008-0005).
  - Adds mod_substitute which performs inline response content pattern
    matching (including regex) and substitution (like mod_line_edit).
  - Adds "DefaultType none" option.
  - Adds new "B" option to RewriteRule to suppress URL unescaping.
  - Adds an "if" directive for mod_include to test whether an URL is
    accessible, and if so, conditionally display content.
  - Adds support for mod_ssl to the event MPM.
* Move the configuration of User, Group, and PidFile to
  /etc/apache2/envvars. This makes it easier to use these settings in
  scripts. /etc/apache2/envvars can now also be used to influence apache2ctl
  (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085)
* Make apache2ctl check the configuration syntax before trying to restart
  apache, to match the behaviour documented in the man page.
  (Closes: #459236)
* Convert docs to be directly viewable with a browser (and not use content
  negotiation).
* Add doc-base entry for the documentation. (closes: #311269)
* Don't ship default files in /var/www, but copy a sample file to
  /var/www/index.html on new installs. Also remove the now unneeded
  RedirectMatch line from sites-available/default.
  (Closes: #411774, #458093)
* Add some information to README.Debian (Apache wiki, default virtual host)
* Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary
  dependencies, easing library transitions (closes: #458857).
* Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode.
  Patch by Nicolas Valcárcel. (Closes: #436441)
* Add reportbug script to list enabled modules.
* Fix some lintian warnings:
  - Pass --no-start to dh_installinit instead of omitting the debhelper token
    in various maintainer scripts. Also move the update-rc.d call to
    apache2.2-common.
  - Add Short-Description to init script.
* Remove unused apache2-mpm-prefork.prerm from source package and clean up
  debian/rules a bit.
* Don't ship NEWS.Debian with apache2-utils, as the contents are only
  relevant for the server.

lp:ubuntu/hardy-proposed/apache2 bug 2 Mature 2010-08-16 13:39:40 UTC 2010-08-16
33. * debian/patches/212_sslinsecurereneg...

Author: Marc Deslauriers
Revision Date: 2010-08-16 13:39:40 UTC

* debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once
  openssl gets updated to fix CVE-2009-3555, server renegotiations with
  unpatched clients will fail. This patch adds the ability to revert to
  the previous unsafe behaviour with a new SSLInsecureRenegotiation
  directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
  CVE-2009-3555 fix.

lp:ubuntu/hardy-security/apache2 bug 2 Mature 2012-02-16 19:57:16 UTC 2012-02-16
38. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2012-02-14 10:49:11 UTC

* SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
  directive (LP: #811422)
  - debian/patches/220_CVE-2011-3607.dpatch: validate length in
    server/util.c.
  - CVE-2011-3607
* SECURITY UPDATE: another mod_proxy reverse proxy exposure
  - debian/patches/221_CVE-2011-4317.dpatch: validate additional URIs in
    modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
    server/protocol.c.
  - CVE-2011-4317
* SECURITY UPDATE: denial of service and possible code execution via
  type field modification within a scoreboard shared memory segment
  - debian/patches/222_CVE-2012-0031.dpatch: check type field in
    server/scoreboard.c.
  - CVE-2012-0031
* SECURITY UPDATE: cookie disclosure via Bad Request errors
  - debian/patches/223_CVE-2012-0053.dpatch: check lengths in
    server/protocol.c.
  - CVE-2012-0053

lp:ubuntu/hardy-updates/apache2 bug 2 Mature 2012-02-16 20:10:22 UTC 2012-02-16
37. * SECURITY UPDATE: arbitrary code exe...

Author: Marc Deslauriers
Revision Date: 2012-02-14 10:49:11 UTC

* SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
  directive (LP: #811422)
  - debian/patches/220_CVE-2011-3607.dpatch: validate length in
    server/util.c.
  - CVE-2011-3607
* SECURITY UPDATE: another mod_proxy reverse proxy exposure
  - debian/patches/221_CVE-2011-4317.dpatch: validate additional URIs in
    modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
    server/protocol.c.
  - CVE-2011-4317
* SECURITY UPDATE: denial of service and possible code execution via
  type field modification within a scoreboard shared memory segment
  - debian/patches/222_CVE-2012-0031.dpatch: check type field in
    server/scoreboard.c.
  - CVE-2012-0031
* SECURITY UPDATE: cookie disclosure via Bad Request errors
  - debian/patches/223_CVE-2012-0053.dpatch: check lengths in
    server/protocol.c.
  - CVE-2012-0053
