lp:ubuntu/intrepid-security/apache2

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

44. By Marc Deslauriers on 2010-03-08

* SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
  - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
    in modules/proxy/mod_proxy_ajp.c.
  - CVE-2010-0408
* SECURITY UPDATE: information disclosure via improper handling of
  headers in subrequests
  - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
    in server/protocol.c.
  - CVE-2010-0434

43. By Jamie Strandboge on 2009-11-12

* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
  Partial fix for CVE-2009-3555. Configurations requiring renegotiation
  of per-directory/location access controls are still affected until
  OpenSSL is updated.
  - debian/patches/904_CVE-2009-3555.dpatch: disable all client
    renegotiations
  - CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
  - debian/patches/905-CVE-2009-3094.dpatch: fix NULL pointer dereference
    in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
    in EPSV response parser
  - CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
  configured as a reverse proxy
  - debian/patches/906-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
    in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
    special characters.
  - CVE-2009-3095

42. By Marc Deslauriers on 2009-08-17

* SECURITY UPDATE: remote denial of service in mod_deflate module when
  the network connection was closed before compression completed
  - debian/patches/903_CVE-2009-1891.dpatch: update patch to fix
    regression that caused segfaults under certain circumstances.
    (LP: #409987)
  - CVE-2009-1891

41. By Marc Deslauriers on 2009-07-09

* SECURITY UPDATE: remote denial of service in the mod_proxy module via
  amount of streamed data that exceeds the Content-Length value
  - debian/patches/902_CVE-2009-1890.dpatch: make sure Content-Length is
    sane and check the length of the data in modules/proxy/mod_proxy_http.c
  - CVE-2009-1890
* SECURITY UPDATE: remote denial of service in mod_deflate module when
  the network connection was closed before compression completed
  - debian/patches/903_CVE-2009-1891.dpatch: fail if the connection has
    been aborted in server/core_filters.c
  - CVE-2009-1891

40. By Jamie Strandboge on 2009-06-10

* SECURITY UPDATE: Includes option could be overridden via .htaccess file
  when AllowOverride restrictions do not permit it
  - debian/patches/900_CVE-2009-1195.dpatch: adjust server/config.c,
    server/core.c, modules/filters/mod_include.c, include/http_core.h to
    only enable .htaccess override when permitted.
  - CVE-2009-1195

39. By Chuck Short on 2008-09-19

Revert logrotate change since it will break it for everyone.

38. By Chuck Short on 2008-09-18

debian/logrotate: Restart rather than reload for busy websites.
(LP: #270899)

37. By Kees Cook on 2008-08-28

* Merge from debian unstable, remaining changes:
  - debian/{control,rules}: enable PIE hardening.
  - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.

36. By Didier Roche-Tolomelli on 2008-08-26

* add ufw integration (see
  https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
  (LP: #261198)
  - debian/control: suggest ufw for apache2.2-common
  - add apache2.2-common.ufw.profile with 3 profiles and install it to
    /etc/ufw/applications.d/apache2.2-common

35. By Kees Cook on 2008-08-20

debian/{control,rules}: enable PIE hardening