lp:ubuntu/hoary-security/apache2

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hoary-security/apache2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

6. By Martin Pitt

* SECURITY UPDATE: Remote DoS, potential remote code execution.
* Add debian/patches/053_mod_rewite_CVE-2006-3747:
  - Fix off-by-one buffer overflow in mod_rewrite's ldap scheme handler.
  - Reported by Mark Dowd of McAfee Avert Labs.
  - CVE-2006-3747

5. By Adam Conrad

* SECURITY UPDATE: Remote DoS and Cross-Site Scripting vulnerability.
  - Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
    mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
  - Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
    threaded MPMs when making a non-SSL connection to an SSL-enabled port
    on a server with a custom 400 error document defined; see CVE-2005-3357

4. By Adam Conrad

* SECURITY UPDATE: Memory exhaustion denial of service in apache2-mpm-worker
  - Apply 048_worker_memleak_CAN-2005-2970 to resolves a memory leak in
    the worker MPM that can occur after aborted connections; CAN-2005-2970

3. By Adam Conrad

Fix the init script to not exit with an error when asked to
stop a daemon that isn't running (Was the root cause of #8374)

2. By Thom May

Security Release. Patch from upstream for the following:
CAN-2004-0885SSLCypherSuite can be bypassed during renegotiation.

1. By Thom May

Import upstream version 2.0.50

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/apache2
This branch contains Public information 
Everyone can see this information.

Subscribers