ubuntu/+source/apache2:applied/ubuntu/yakkety-devel

Last commit made on 2017-06-26
Get this branch:
git clone -b applied/ubuntu/yakkety-devel https://git.launchpad.net/ubuntu/+source/apache2
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/yakkety-devel
Repository:
lp:ubuntu/+source/apache2

Recent commits

ed46f27... by Marc Deslauriers on 2017-06-26

Import patches-applied version 2.4.18-2ubuntu4.2 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 59181d55c088186b8fdbac93ebfecb6ecb77799b
Unapplied parent: 20f84083a9f4578ac55e63b09549b1abce1b36d7

New changelog entries:
  * SECURITY UPDATE: authentication bypass in ap_get_basic_auth_pw()
    - debian/patches/CVE-2017-3167.patch: deprecate and replace
      ap_get_basic_auth_pw in include/ap_mmn.h, include/http_protocol.h,
      server/protocol.c, server/request.c.
    - CVE-2017-3167
  * SECURITY UPDATE: NULL pointer deref in ap_hook_process_connection()
    - debian/patches/CVE-2017-3169.patch: fix ctx passed to
      ssl_io_filter_error() in modules/ssl/ssl_engine_io.c.
    - CVE-2017-3169
  * SECURITY UPDATE: denial of service and possible incorrect value return
    in HTTP strict parsing changes
    - debian/patches/CVE-2017-7668.patch: short-circuit on NULL in
      server/util.c.
    - CVE-2017-7668
  * SECURITY UPDATE: mod_mime DoS via crafted Content-Type response header
    - debian/patches/CVE-2017-7679.patch: fix quoted pair scanning in
      modules/http/mod_mime.c.
    - CVE-2017-7679

20f8408... by Marc Deslauriers on 2017-06-26

[PATCH] Merge 1797550 from trunk:

Gbp-Pq: CVE-2017-7679.patch.

ba740b6... by Marc Deslauriers on 2017-06-26

[PATCH] Merge r1796350 from trunk:

Gbp-Pq: CVE-2017-7668.patch.

e2ec089... by Marc Deslauriers on 2017-06-26

[PATCH] Merge r1796343 from trunk:

Gbp-Pq: CVE-2017-3169.patch.

8d24f73... by Marc Deslauriers on 2017-06-26

[PATCH] Merge r1796348 from trunk:

Gbp-Pq: CVE-2017-3167.patch.

23bf0c9... by Marc Deslauriers on 2017-06-26

relax hostname restrictions

Gbp-Pq: hostnames_with_underscores.diff.

42894e4... by Marc Deslauriers on 2017-06-26

fix response splitting and cache pollution issue via

Gbp-Pq: CVE-2016-8743.patch.

98179e2... by Marc Deslauriers on 2017-06-26

fix denial of service via malicious mod_auth_digest input

Gbp-Pq: CVE-2016-2161.patch.

9791397... by Marc Deslauriers on 2017-06-26

fix mod_sessioncrypto padding oracle attack issue

Gbp-Pq: CVE-2016-0736.patch.

9857ce8... by Marc Deslauriers on 2017-06-26

fix proxy request header vulnerability (httpoxy)

Gbp-Pq: CVE-2016-5387.patch.