lp:debian/lenny/apache2

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/lenny/apache2

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

23. By Stefan Fritsch

* Prevent unintended pattern expansion in some reverse proxy
  configurations by strictly validating the request-URI. Fixes
  CVE-2011-3368, CVE-2011-3639, CVE-2011-4317.
* CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local
  privilege escalation.
* CVE-2012-0031: Fix client process being able to crash parent process
  during shutdown.
* CVE-2012-0053: Fix an issue in code 400 error responses that could expose
  "httpOnly" cookies.

22. By Stefan Fritsch

Fix regressions related to range requests introduced by 2.2.9-10+lenny10.
Closes: #639825

21. By Stefan Fritsch

Add the new SSLInsecureRenegotiation directive to configure if clients
that have not been patched to support secure renegotiation (RFC 5746)
are allowed to connect (CVE-2009-3555).
Together with the recent openssl upgrade, this closes: #587037
This upgrade also adds support for the SSL_SECURE_RENEG variable, to
allow testing if secure renegotiation is supported by the client.

20. By Stefan Fritsch

* Add missing psmisc dependency for killall used in the init script.
  Closes: #568542
* Fix potential memory leaks related to the usage of apr_brigade_destroy().

19. By Stefan Fritsch

* Security:
  - Reject any client-initiated SSL/TLS renegotiations. This is a partial fix
    for the TLS renegotiation prefix injection attack (CVE-2009-3555).
    Any configuration which requires renegotiation for per-directory/location
    access control or uses "SSLVerifyClient optional" is still vulnerable.

18. By Stefan Fritsch

* Security fixes:
  - CVE-2009-1890: denial of service in mod_proxy (closes: #536718)
  - CVE-2009-1891: denial of service in mod_deflate (closes: #534712)
    Also prevent compressing the content for HEAD requests.

17. By Stefan Fritsch

Report an error instead of segfaulting when apr_pollset_create
fails (PR 46467). On Linux kernels since 2.6.27.8, the value in
/proc/sys/fs/epoll/max_user_instances needs to be larger than twice the
value of MaxClients in the Apache configuration. Closes: #511103

16. By Stefan Fritsch

* Regression fix from upstream svn for mod_proxy:
  Prevent segmentation faults by correctly adjusting the lifetime of the
  buckets read from the proxy backend. PR 45792
* Fix from upstream svn for mpm_worker:
  Crosscheck that idle workers are still available before using them and
  thus prevent an overflow of the worker queue which causes a SegFault.
  PR 45605
* Add a comment to ports.conf to point to NEWS.Debian.gz in case of
  upgrading problems.

15. By Stefan Fritsch

Regression fix from upstream svn for mod_proxy_http:
Don't trigger a retry by the client if a failure to read the response line
was the result of a timeout.

14. By Peter Samuelson

* High-urgency upload for RC bugfixes.
* Ack NMUs - thanks Andi, Steve.
* Refactor apache2.2-common.postinst slightly, to account for sarge
  upgrades (since it's a new package name, rather than an upgrade).
  (Closes: #396782, #415775)
* If mod_proxy was configured in sarge, add proxy_http and
  disk_cache modules, which used to be included in the mod_proxy config.
  (Closes: #407171)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/squeeze/apache2