ubuntu/+source/apache2:applied/ubuntu/utopic-devel

Last commit made on 2015-03-10
Get this branch:
git clone -b applied/ubuntu/utopic-devel https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/utopic-devel
Repository:
lp:ubuntu/+source/apache2

Recent commits

519f859... by Marc Deslauriers on 2015-03-05

Import patches-applied version 2.4.10-1ubuntu1.1 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 5bbfc0c44d81be2733bf8784234c052b227e5eed
Unapplied parent: f2d29f8819127aa9b418e332470c367cf7fc7c56

New changelog entries:
  * SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
    - debian/patches/CVE-2013-5704.patch: don't merge trailers by default
      and add a "MergeTrailers" directive to revert to previous behaviour
      to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
      modules/http/http_request.c, modules/loggers/mod_log_config.c,
      modules/proxy/mod_proxy_http.c, server/core.c, server/protocol.c.
    - CVE-2013-5704
  * SECURITY UPDATE: mod_cache denial of service via empty HTTP
    Content-Type header
    - debian/patches/CVE-2014-3581.patch: check for NULL in
      modules/cache/cache_util.c.
    - CVE-2014-3581
  * SECURITY UPDATE: mod_proxy_fcgi deial of service via long response
    headers
    - debian/patches/CVE-2014-3583.patch: properly handle length in
      modules/aaa/mod_authnz_fcgi.c, modules/proxy/mod_proxy_fcgi.c.
    - CVE-2014-3583
  * SECURITY UPDATE: restriction bypass in mod_lua via multiple Require
    directives
    - debian/patches/CVE-2014-8109.patch: handle multiple Require
      directives with different arguments in modules/lua/mod_lua.c.
    - CVE-2014-8109
  * SECURITY UPDATE: denial of service in mod_lua via websockets PING
    - debian/patches/CVE-2015-0228.patch: fix logic in
      modules/lua/lua_request.c.
    - CVE-2015-0228

f2d29f8... by Marc Deslauriers on 2015-03-05

[PATCH] Merge r1657261 from trunk:

Gbp-Pq: CVE-2015-0228.patch.

7b0cf66... by Marc Deslauriers on 2015-03-05

[PATCH] Merge r1642499 from trunk:

Gbp-Pq: CVE-2014-8109.patch.

40b8dbd... by Marc Deslauriers on 2015-03-05

[PATCH] Merge r1640036, r1640331 from trunk:

Gbp-Pq: CVE-2014-3583.patch.

31b7a1c... by Marc Deslauriers on 2015-03-05

[PATCH] Merge r1624234 from trunk:

Gbp-Pq: CVE-2014-3581.patch.

41fb213... by Marc Deslauriers on 2015-03-05

[PATCH] SECURITY: CVE-2013-5704 (cve.mitre.org)

Gbp-Pq: CVE-2013-5704.patch.

ce8288c... by Marc Deslauriers on 2015-03-05

fix completely broken split-logfile command

Gbp-Pq: split-logfile.patch.

97d0424... by Marc Deslauriers on 2015-03-05

Pull upstream fixes for autotools for cross-compiling

Gbp-Pq: 086_svn_cross_compiles.

8ed1058... by Marc Deslauriers on 2015-03-05

add suexec-custom to the build system

Gbp-Pq: build_suexec-custom.patch.

64e5f12... by Marc Deslauriers on 2015-03-05

Adapt apxs to Debian specific changes

Gbp-Pq: customize_apxs.patch.