lp:ubuntu/karmic-security/apache2

Created by James Westby on 2009-11-19 and last modified on 2011-01-21
Get this branch:
bzr branch lp:ubuntu/karmic-security/apache2

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

54. By Marc Deslauriers on 2010-11-18

* SECURITY UPDATE: denial of service via request that lacks a path in
  mod_dav.
  - debian/patches/906_CVE-2010-1452.dpatch: fix path handling in
    modules/dav/main/util.c.
  - CVE-2010-1452

53. By Marc Deslauriers on 2010-08-16

* debian/patches/905_sslinsecurerenegotiation-directive.dpatch: once
  openssl gets updated to fix CVE-2009-3555, server renegotiations with
  unpatched clients will fail. This patch adds the ability to revert to
  the previous unsafe behaviour with a new SSLInsecureRenegotiation
  directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
  CVE-2009-3555 fix.

52. By Marc Deslauriers on 2010-03-08

* SECURITY UPDATE: denial of service via crafted request in mod_proxy_ajp
  - debian/patches/903_CVE-2010-0408.dpatch: return the right error code
    in modules/proxy/mod_proxy_ajp.c.
  - CVE-2010-0408
* SECURITY UPDATE: information disclosure via improper handling of
  headers in subrequests
  - debian/patches/904_CVE-2010-0434.dpatch: use a copy of r->headers_in
    in server/protocol.c.
  - CVE-2010-0434

51. By Jamie Strandboge on 2009-11-12

* SECURITY UPDATE: Reject client-initiated SSL/TLS renegotiations.
  Partial fix for CVE-2009-3555. Configurations requiring renegotiation
  of per-directory/location access controls are still affected until
  OpenSSL is updated.
  - debian/patches/900_CVE-2009-3555.dpatch: disable all client
    renegotiations
  - CVE-2009-3555
* SECURITY UPDATE: fix NULL pointer dereference in mod_proxy_ftp module
  - debian/patches/901-CVE-2009-3094.dpatch: fix NULL pointer dereference
    in mod_proxy_ftp.c/apr_socket_close() and potential buffer overread
    in EPSV response parser
  - CVE-2009-3094
* SECURITY UPDATE: fix access control bypass in mod_proxy_ftp when
  configured as a reverse proxy
  - debian/patches/902-CVE-2009-3095.dpatch: adjust proxy_ftp_handler()
    in mod_proxy_ftp.c to fail if the decoded Basic credentials contain
    special characters.
  - CVE-2009-3095

50. By Marc Deslauriers on 2009-08-17

* debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
  - Fix potential segfaults with the use of the legacy ap_rputs() etc
    interfaces, in cases where an output filter fails. This happens
    frequently after CVE-2009-1891 got fixed. (LP: #409987)

49. By Chuck Short on 2009-08-04

* Merge from debian unstable, remaining changes:
  - debian/{control,rules}: enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.
  - Dropped debian/patches/203_fix-ssl-timeftm-ignored.dpatch.

48. By Bhavani Shankar on 2009-07-11

* Merge from debian unstable, remaining changes: LP: #398130
  - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
    Fix timefmt is ignored when XBitHack is on. (LP: #258914)
  - debian/{control,rules}: enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.

47. By Chuck Short on 2009-06-09

* Merge from debian unstable, remaining changes:
  - debian/patches/203_fix-ssl-timeftm-ignored.dpatch:
    Fix timefmt is ignored when XBitHack is on. (LP: #258914)
  - debian/{control,rules}: enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.

46. By Andrew Mitchell on 2009-06-03

* Merge from debian unstable, remaining changes:
  - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
    Fix timefmt is ignored when XBitHack is on. (LP: #258914)
  - debian/{control,rules}: enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.

45. By Andrew Mitchell on 2009-05-12

* Merge from debian unstable, remaining changes:
  - debian/patches/203_fix-ssi-timeftm-ignored.dpatch:
    Fix timefmt is ignored when XBitHack is on. (LP: #258914)
  - debian/{control,rules}: enable PIE hardening.
  - debian/{control, rules, apache2.2-common.ufw.profile}: add ufw profiles.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/apache2
This branch contains Public information 
Everyone can see this information.
