apache2 2.2.8-1ubuntu0.4 source package in Ubuntu

Changelog

apache2 (2.2.8-1ubuntu0.4) hardy-security; urgency=low

  [ Emanuele Gentili ]
  * SECURITY UPDATE:
   + debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
    - The ap_proxy_http_process_response function in mod_proxy_http.c
      in the mod_proxy module does not limit the number of forwarded
      interim responses, which allows remote HTTP servers to cause a
      denial of service (memory consumption) via a large number of
      interim responses.
   + References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in
    mod_proxy_balancer
    - debian/patches/200_security_CVE-2007-6420.dpatch: generate and validate a
      nonce in modules/proxy/mod_proxy_balancer.c.
    - CVE-2007-6420
  * SECURITY UPDATE: Denial of service via large number of interim responses in
    mod_proxy module (LP: #239894)
    - debian/patches/201_security_CVE-2008-2364.dpatch: updated patch to newer
      version.
    - CVE-2008-2364
  * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the
    mod_proxy_ftp module
    - debian/patches/202_security_CVE-2008-2939.dpatch: escape the html
      contained in the wildcard value in modules/proxy/mod_proxy_ftp.c.
    - CVE-2008-2939

 -- Marc Deslauriers <email address hidden>   Thu, 05 Mar 2009 17:20:17 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Hardy
Original maintainer:
Ubuntu Development Team
Architectures:
any
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apache2_2.2.8.orig.tar.gz 5.8 MiB f77955ef769b0af5d3879bc04c291950a0e721ce5a7aa22942f0492a87c09e1e
apache2_2.2.8-1ubuntu0.4.diff.gz 129.3 KiB 1027856514598b9239cbd1a72eda312b23a1f77ef230836e72bef950fc89590b
apache2_2.2.8-1ubuntu0.4.dsc 1.3 KiB fc52f1367dc6c3f3fbf7a91b12f3cc9791cb539831f4f0e4cdcb90fa87d5c7de

View changes file

Binary packages built by this source

apache2: No summary available for apache2 in ubuntu hardy.

No description available for apache2 in ubuntu hardy.

apache2-doc: No summary available for apache2-doc in ubuntu hardy.

No description available for apache2-doc in ubuntu hardy.

apache2-mpm-event: No summary available for apache2-mpm-event in ubuntu hardy.

No description available for apache2-mpm-event in ubuntu hardy.

apache2-mpm-perchild: No summary available for apache2-mpm-perchild in ubuntu hardy.

No description available for apache2-mpm-perchild in ubuntu hardy.

apache2-mpm-prefork: No summary available for apache2-mpm-prefork in ubuntu hardy.

No description available for apache2-mpm-prefork in ubuntu hardy.

apache2-mpm-worker: No summary available for apache2-mpm-worker in ubuntu hardy.

No description available for apache2-mpm-worker in ubuntu hardy.

apache2-prefork-dev: No summary available for apache2-prefork-dev in ubuntu hardy.

No description available for apache2-prefork-dev in ubuntu hardy.

apache2-src: No summary available for apache2-src in ubuntu hardy.

No description available for apache2-src in ubuntu hardy.

apache2-threaded-dev: No summary available for apache2-threaded-dev in ubuntu hardy.

No description available for apache2-threaded-dev in ubuntu hardy.

apache2-utils: No summary available for apache2-utils in ubuntu hardy.

No description available for apache2-utils in ubuntu hardy.

apache2.2-common: No summary available for apache2.2-common in ubuntu hardy.

No description available for apache2.2-common in ubuntu hardy.