Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/apache2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

38. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf
  directive (LP: #811422)
  - debian/patches/220_CVE-2011-3607.dpatch: validate length in
  - CVE-2011-3607
* SECURITY UPDATE: another mod_proxy reverse proxy exposure
  - debian/patches/221_CVE-2011-4317.dpatch: validate additional URIs in
    modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c,
  - CVE-2011-4317
* SECURITY UPDATE: denial of service and possible code execution via
  type field modification within a scoreboard shared memory segment
  - debian/patches/222_CVE-2012-0031.dpatch: check type field in
  - CVE-2012-0031
* SECURITY UPDATE: cookie disclosure via Bad Request errors
  - debian/patches/223_CVE-2012-0053.dpatch: check lengths in
  - CVE-2012-0053

37. By Steve Beattie

[ Michael Jeanson ]
* SECURITY UPDATE: mod_proxy reverse proxy exposure
  * debian/patches/216_CVE-2011-3368.dpatch: return 400
    on invalid requests.
  - debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
    0.9 protocol

[ Steve Beattie ]
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
  - debian/patches/213_CVE-2011-3348.dpatch: return
  - CVE-2011-3348
* Include additional fixes for regressions introduced by
  CVE-2011-3192 fixes
  - debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
    take upstream fixes for byterange_filter.c through the 2.2.21
    release except for the added MaxRanges configuration option.

36. By Steve Beattie

* SECURITY UPDATE: Range header DoS vulnerability
  * debian/patches/214_CVE-2011-3192.dpatch: filter out large
    byte ranges and improve memory efficiency in handling buckets.
    (thanks to Debian and upstream)
  * CVE-2011-3192
* Include fix for regressions introduced by above patch:
  - debian/patches/084_CVE-2011-3192_regression.dpatch: return 206
    and 416 response codes where appropriate (see deban bug 639825)

35. By Marc Deslauriers

* SECURITY UPDATE: denial of service via request that lacks a path in
  - debian/patches/213_CVE-2010-1452.dpatch: fix path handling in
  - CVE-2010-1452

34. By Marc Deslauriers

* debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once
  openssl gets updated to fix CVE-2009-3555, server renegotiations with
  unpatched clients will fail. This patch adds the ability to revert to
  the previous unsafe behaviour with a new SSLInsecureRenegotiation
  directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
  CVE-2009-3555 fix.

33. By Marc Deslauriers

* SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
  - debian/patches/209_CVE-2010-0408.dpatch: return the right error code
    in modules/proxy/mod_proxy_ajp.c.
  - CVE-2010-0408
* SECURITY UPDATE: information disclosure via improper handling of
  headers in subrequests
  - debian/patches/210_CVE-2010-0434.dpatch: use a copy of r->headers_in
    in server/protocol.c.
  - CVE-2010-0434

32. By Jamie Strandboge

* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
  Partial fix for CVE-2009-3555. Configurations requiring renegotiation
  of per-directory/location access controls are still affected until
  OpenSSL is updated.
  - debian/patches/206_CVE-2009-3555.dpatch: disable all client
  - CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
  - debian/patches/207-CVE-2009-3094.dpatch: fix NULL pointer dereference
    in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
    in EPSV response parser
  - CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
  configured as a reverse proxy
  - debian/patches/208-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
    in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
    special characters.
  - CVE-2009-3095

31. By Marc Deslauriers

* SECURITY UPDATE: remote denial of service in mod_deflate module when
  the network connection was closed before compression completed
  - debian/patches/205_CVE-2009-1891.dpatch: update patch to fix
    regression that caused segfaults under certain circumstances.
    (LP: #409987)
  - CVE-2009-1891

30. By Marc Deslauriers

* SECURITY UPDATE: remote denial of service in the mod_proxy module via
  amount of streamed data that exceeds the Content-Length value
  - debian/patches/204_CVE-2009-1890.dpatch: make sure Content-Length is
    sane and check the length of the data in modules/proxy/mod_proxy_http.c
  - CVE-2009-1890
* SECURITY UPDATE: remote denial of service in mod_deflate module when
  the network connection was closed before compression completed
  - debian/patches/205_CVE-2009-1891.dpatch: fail if the connection has
    been aborted in server/core_filters.c
  - CVE-2009-1891

29. By Jamie Strandboge

* SECURITY UPDATE: Includes option could be overridden via .htaccess file
  when AllowOverride restrictions do not permit it
  - debian/patches/203_CVE-2009-1195.dpatch: adjust server/config.c,
    server/core.c, modules/filters/mod_include.c, include/http_core.h to
    only enable .htaccess override when permitted.
  - CVE-2009-1195

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.