ubuntu/+source/apache2:applied/ubuntu/lucid-updates

Last commit made on 2015-03-10
Get this branch:
git clone -b applied/ubuntu/lucid-updates https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/lucid-updates
Repository: lp:ubuntu/+source/apache2

Recent commits

dc40b91... by Marc Deslauriers on 2015-03-05

Import patches-applied version 2.2.14-5ubuntu8.15 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 8d915478cea94af6892d148cf65367265d94e7d6
Unapplied parent: a16cf78a6233287c675749c2fbf28d238be5fe06

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.dpatch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
      server/core.c, server/protocol.c.
    - CVE-2013-5704

a16cf78... by Marc Deslauriers on 2015-03-05

Import patches-unapplied version 2.2.14-5ubuntu8.15 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: a7f4299a4a7deaae29f0bda82ebf35269db447e1

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.dpatch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
      server/core.c, server/protocol.c.
    - CVE-2013-5704

8d91547... by Marc Deslauriers on 2014-07-22

Import patches-applied version 2.2.14-5ubuntu8.14 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 453b93631b2a9b0dbf7fcd0881890d4d00008784
Unapplied parent: a7f4299a4a7deaae29f0bda82ebf35269db447e1

New changelog entries:
  * SECURITY UPDATE: resource consumption via mod_deflate body
    decompression
    - debian/patches/CVE-2014-0118.dpatch: added new configuration options
      DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
      DeflateInflateRatioBurst in modules/filters/mod_deflate.c.
    - CVE-2014-0118
  * SECURITY UPDATE: denial of service via race in mod_status
    - debian/patches/CVE-2014-0226.dpatch: fix race by adding
      ap_copy_scoreboard_worker() to include/scoreboard.h,
      modules/generators/mod_status.c, server/scoreboard.c.
    - CVE-2014-0226
  * SECURITY UPDATE: denial of service in mod_cgid
    - debian/patches/CVE-2014-0231.dpatch: added new configuration option
      CGIDScriptTimeout in modules/generators/mod_cgid.c.
    - CVE-2014-0231

a7f4299... by Marc Deslauriers on 2014-07-22

Import patches-unapplied version 2.2.14-5ubuntu8.14 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: c85f26ae6e2f3cf1e196151b56b3e90f09991645

New changelog entries:
  * SECURITY UPDATE: resource consumption via mod_deflate body
    decompression
    - debian/patches/CVE-2014-0118.dpatch: added new configuration options
      DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
      DeflateInflateRatioBurst in modules/filters/mod_deflate.c.
    - CVE-2014-0118
  * SECURITY UPDATE: denial of service via race in mod_status
    - debian/patches/CVE-2014-0226.dpatch: fix race by adding
      ap_copy_scoreboard_worker() to include/scoreboard.h,
      modules/generators/mod_status.c, server/scoreboard.c.
    - CVE-2014-0226
  * SECURITY UPDATE: denial of service in mod_cgid
    - debian/patches/CVE-2014-0231.dpatch: added new configuration option
      CGIDScriptTimeout in modules/generators/mod_cgid.c.
    - CVE-2014-0231

453b936... by Marc Deslauriers on 2014-03-19

Import patches-applied version 2.2.14-5ubuntu8.13 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 78bce074b699c110c45c1605f10e693dbfb0eed2
Unapplied parent: c85f26ae6e2f3cf1e196151b56b3e90f09991645

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.dpatch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438

c85f26a... by Marc Deslauriers on 2014-03-19

Import patches-unapplied version 2.2.14-5ubuntu8.13 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 3a6eb35aeccde390cccf39aa1f66b08e361c6587

New changelog entries:
  * SECURITY UPDATE: denial of service via mod_dav incorrect end of string
    calculation
    - debian/patches/CVE-2013-6438.dpatch: properly calculate correct length
      in modules/dav/main/util.c.
    - CVE-2013-6438

78bce07... by Marc Deslauriers on 2013-07-12

Import patches-applied version 2.2.14-5ubuntu8.12 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: df339e1776263866ef5c0f8150e80aaf210ddf65
Unapplied parent: 3a6eb35aeccde390cccf39aa1f66b08e361c6587

New changelog entries:
  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.dpatch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.dpatch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896

3a6eb35... by Marc Deslauriers on 2013-07-12

Import patches-unapplied version 2.2.14-5ubuntu8.12 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 1d4c35b874b252caa88a8a86760671a11f1f3874

New changelog entries:
  * SECURITY UPDATE: log file poisoning via mod_rewrite (LP: #1188069)
    - debian/patches/CVE-2013-1862.dpatch: properly escape items in
      modules/mappers/mod_rewrite.c.
    - CVE-2013-1862
  * SECURITY UPDATE: denial of service via MERGE request
    - debian/patches/CVE-2013-1896.dpatch: make sure DAV is enabled for URI
      in modules/dav/main/mod_dav.c.
    - CVE-2013-1896

df339e1... by Marc Deslauriers on 2013-03-08

Import patches-applied version 2.2.14-5ubuntu8.11 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: ccc8ac6b05f6fe66ac7f0e88bf0478b08472404d
Unapplied parent: 1d4c35b874b252caa88a8a86760671a11f1f3874

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048

1d4c35b... by Marc Deslauriers on 2013-03-08

Import patches-unapplied version 2.2.14-5ubuntu8.11 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b9584062eca34f3a1fb6e6bb6f620e7c4f48a7d

New changelog entries:
  * SECURITY UPDATE: multiple cross-site scripting issues
    - debian/patches/CVE-2012-3499_4558.dpatch: properly escape html in
      modules/generators/{mod_info.c,mod_status.c},
      modules/ldap/util_ldap_cache_mgr.c, modules/mappers/mod_imagemap.c,
      modules/proxy/{mod_proxy_balancer.c,mod_proxy_ftp.c}.
    - CVE-2012-3499
    - CVE-2012-4558
  * SECURITY UPDATE: denial of service in mod_proxy_ajp
    - debian/patches/CVE-2012-4557.dpatch: check for timeout in
      modules/proxy/ajp_link.c, modules/proxy/mod_proxy_ajp.c.
    - CVE-2012-4557
  * SECURITY UPDATE: symlink attack in apache2ctl script
    - debian/patches/CVE-2013-1048.dpatch: introduce and use a safer
      mkdir_chown() function in support/apachectl.in.
    - CVE-2013-1048