Created by James Westby on 2009-11-06 and last modified on 2010-03-08
Get this branch:
bzr branch lp:ubuntu/intrepid-security/apache2

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

44. By Marc Deslauriers on 2010-03-08

* SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
  - debian/patches/907_CVE-2010-0408.dpatch: return the right error code
    in modules/proxy/mod_proxy_ajp.c.
  - CVE-2010-0408
* SECURITY UPDATE: information disclosure via improper handling of
  headers in subrequests
  - debian/patches/908_CVE-2010-0434.dpatch: use a copy of r->headers_in
    in server/protocol.c.
  - CVE-2010-0434

43. By Jamie Strandboge on 2009-11-12

* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
  Partial fix for CVE-2009-3555. Configurations requiring renegotiation
  of per-directory/location access controls are still affected until
  OpenSSL is updated.
  - debian/patches/904_CVE-2009-3555.dpatch: disable all client
  - CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
  - debian/patches/905-CVE-2009-3094.dpatch: fix NULL pointer dereference
    in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
    in EPSV response parser
  - CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
  configured as a reverse proxy
  - debian/patches/906-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
    in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
    special characters.
  - CVE-2009-3095

42. By Marc Deslauriers on 2009-08-17

* SECURITY UPDATE: remote denial of service in mod_deflate module when
  the network connection was closed before compression completed
  - debian/patches/903_CVE-2009-1891.dpatch: update patch to fix
    regression that caused segfaults under certain circumstances.
    (LP: #409987)
  - CVE-2009-1891

41. By Marc Deslauriers on 2009-07-09

* SECURITY UPDATE: remote denial of service in the mod_proxy module via
  amount of streamed data that exceeds the Content-Length value
  - debian/patches/902_CVE-2009-1890.dpatch: make sure Content-Length is
    sane and check the length of the data in modules/proxy/mod_proxy_http.c
  - CVE-2009-1890
* SECURITY UPDATE: remote denial of service in mod_deflate module when
  the network connection was closed before compression completed
  - debian/patches/903_CVE-2009-1891.dpatch: fail if the connection has
    been aborted in server/core_filters.c
  - CVE-2009-1891

40. By Jamie Strandboge on 2009-06-10

* SECURITY UPDATE: Includes option could be overridden via .htaccess file
  when AllowOverride restrictions do not permit it
  - debian/patches/900_CVE-2009-1195.dpatch: adjust server/config.c,
    server/core.c, modules/filters/mod_include.c, include/http_core.h to
    only enable .htaccess override when permitted.
  - CVE-2009-1195

39. By Chuck Short on 2008-09-19

Revert logrotate change since it will break it for everyone.

38. By Chuck Short on 2008-09-18

debian/logrotate: Restart rather than reload for busy websites.
(LP: #270899)

37. By Kees Cook on 2008-08-28

* Merge from debian unstable, remaining changes:
  - debian/{control,rules}: enable PIE hardening.
  - debian/{control,rules,apache2.2-common.ufw.profile}: add ufw profiles.

36. By Didier Roche on 2008-08-26

* add ufw integration (see
  (LP: #261198)
  - debian/control: suggest ufw for apache2.2-common
  - add apache2.2-common.ufw.profile with 3 profiles and install it to

35. By Kees Cook on 2008-08-20

debian/{control,rules}: enable PIE hardening

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)