lp:~mojocode/apache2/peruser
- Get this branch:
- bzr branch lp:~mojocode/apache2/peruser
Branch merges
Branch information
Recent revisions
- 64. By Steve Beattie
-
* SECURITY UPDATE: Range header DoS vulnerability
- debian/patches/ 207_CVE- 2011-3192. dpatch: filter out large
byte ranges and improve memory efficiency in handling buckets.
(thanks to Debian and upstream)
- CVE-2011-3192
* Include fix for regressions introduced by above patch:
- debian/patches/ 208_CVE- 2011-3192_ regression. dpatch: return 206
and 416 response codes where appropriate (see deban bug 639825) - 63. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via request that lacks a path in
mod_cache and mod_dav.
- debian/patches/ 201_CVE- 2010-1452. dpatch: fix path handling in
modules/cache/cache_ storage. c and modules/ dav/main/ util.c.
- CVE-2010-1452 - 62. By Marc Deslauriers
-
* debian/
patches/ 211-sslinsecure renegotiation- directive. dpatch: once
openssl gets updated to fix CVE-2009-3555, server renegotiations with
unpatched clients will fail. This patch adds the ability to revert to
the previous unsafe behaviour with a new SSLInsecureRenegotiation
directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
CVE-2009-3555 fix. - 61. By Chuck Short
-
debian/
patches/ 210-backport- mod-reqtimeout- ftbfs.dpatch: Add missing mod_reqtime.so
(LP: #562370) - 60. By Chuck Short
-
* debian/
patches/ 206-fix- potential- memory- leaks.dpatch: Fix potential memory
leaks by making sure to not destroy bucket brigades that have been created
by earlier filters. Backported from 2.2.15.
* debian/patches/ 206-report- max-client- mpm-worker. dpatch: Don't report server
has reached MaxClients until it has. Backported from 2.2.15
* debian/config- dir/apache2. conf: Make the Files ~ "^\.ht" block in apache2.conf
more secure by adding Satisfy all. (Debian bug: #572075)
* debian/rules, debian/patches/ 209-backport- mod-reqtimeout. dpatch,
debian/config2- dir/mods- available/ reqtimeout. load,
debian/config2- dir/mods- available/ reqtimeout. conf debian/NEWS : Backport the
mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
bug in apache. Enable it by default. (LP: #392759)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apache2