lp:debian/lenny/apache2
- Get this branch:
- bzr branch lp:debian/lenny/apache2
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 23. By Stefan Fritsch

  * Prevent unintended pattern expansion in some reverse proxy
    configurations by strictly validating the request-URI. Fixes
    CVE-2011-3368, CVE-2011-3639, CVE-2011-4317.
  * CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local
    privilege escalation.
  * CVE-2012-0031: Fix client process being able to crash parent process
    during shutdown.
  * CVE-2012-0053: Fix an issue in code 400 error responses that could expose
    "httpOnly" cookies.

- 22. By Stefan Fritsch

  Fix regressions related to range requests introduced by 2.2.9-10+lenny10.
  Closes: #639825

- 21. By Stefan Fritsch

  Add the new SSLInsecureRenegotiation directive to configure if clients
  that have not been patched to support secure renegotiation (RFC 5746)
  are allowed to connect (CVE-2009-3555).
  Together with the recent openssl upgrade, this closes: #587037
  This upgrade also adds support for the SSL_SECURE_RENEG variable, to
  allow testing if secure renegotiation is supported by the client.

- 20. By Stefan Fritsch

  * Add missing psmisc dependency for killall used in the init script.
    Closes: #568542
  * Fix potential memory leaks related to the usage of apr_brigade_destroy().

- 19. By Stefan Fritsch

  * Security:
    - Reject any client-initiated SSL/TLS renegotiations. This is a partial fix
      for the TLS renegotiation prefix injection attack (CVE-2009-3555).
      Any configuration which requires renegotiation for per-directory/location
      access control or uses "SSLVerifyClient optional" is still vulnerable.

- 18. By Stefan Fritsch

  * Security fixes:
    - CVE-2009-1890: denial of service in mod_proxy (closes: #536718)
    - CVE-2009-1891: denial of service in mod_deflate (closes: #534712)
      Also prevent compressing the content for HEAD requests.

- 17. By Stefan Fritsch

  Report an error instead of segfaulting when apr_pollset_create
  fails (PR 46467). On Linux kernels since 2.6.27.8, the value in
  /proc/sys/fs/epoll/max_user_instances needs to be larger than twice the
  value of MaxClients in the Apache configuration. Closes: #511103

- 16. By Stefan Fritsch

  * Regression fix from upstream svn for mod_proxy:
    Prevent segmentation faults by correctly adjusting the lifetime of the
    buckets read from the proxy backend. PR 45792
  * Fix from upstream svn for mpm_worker:
    Crosscheck that idle workers are still available before using them and
    thus preventing an overflow of the worker queue which causes a SegFault.
    PR 45605
  * Add a comment to ports.conf to point to NEWS.Debian.gz in case of
    upgrading problems.

- 15. By Stefan Fritsch

  Regression fix from upstream svn for mod_proxy_http:
  Don't trigger a retry by the client if a failure to read the response line
  was the result of a timeout.

- 14. By Peter Samuelson <email address hidden>

  * High-urgency upload for RC bugfixes.
  * Ack NMUs - thanks Andi, Steve.
  * Refactor apache2.2-common.postinst slightly, to account for sarge
    upgrades (since it's a new package name, rather than an upgrade).
    (Closes: #396782, #415775)
  * If mod_proxy was configured in sarge, add proxy_http and
    disk_cache modules, which used to be included in the mod_proxy config.
    (Closes: #407171)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/apache2