Comment 42 for bug 589611

Thierry Carrez (ttx) wrote :

This was not committed to lucid-proposed. Current lucid-proposed is a security fix:

apache2 (2.2.14-5ubuntu8.2) lucid-security; urgency=low

  * debian/patches/211-sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.

This one is next in queue.