incorrect module dependencies

Bug #1205314 reported by Marc Deslauriers on 2013-07-26
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Debian)
Fix Released
apache2 (Ubuntu)
Marc Deslauriers

Bug Description

Apache 2.4.4-6ubuntu5 and 2.4.6-2 has an incorrect module dependency in the lbmethod_* module files:

# Depends: mod_proxy_balancer

should be:

# Depends: proxy_balancer

CVE References

Changed in apache2 (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
importance: Undecided → Medium
Changed in apache2 (Debian):
status: Unknown → New
Launchpad Janitor (janitor) wrote :
Download full text (3.2 KiB)

This bug was fixed in the package apache2 - 2.4.6-2ubuntu1

apache2 (2.4.6-2ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/, debian/apache2-bin.install: Add apport hook.
    - debian/control, debian/config-dir/mods-available/ssl.conf,
      debian/ask-for-passphrase, debian/apache2.install: Plymouth aware
      passphrase dialog program ask-for-passphrase.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE
      to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes
      from upstream
  * Dropped changes:
    - debian/patches/CVE-2013-1896.patch: upstream
  * Fixed module dependencies (LP: #1205314)
    - debian/config-dir/mods-available/lbmethod_*: properly specify
      proxy_balancer, not mod_proxy_balancer.

apache2 (2.4.6-2) unstable; urgency=low

  [ Stefan Fritsch ]
  * Fix watch file
  * Don't pass --silent to libtool, allowing blhc to check the compiler
    options in the build logs.

  [ Arno Töll ]
  * Allow third party packages to use triggers if they use them in a
    maintainer script invoking apache2-maintscript-helper (Closes: #717610)

apache2 (2.4.6-1) unstable; urgency=low

  New upstream release:
  * CVE-2013-1896: mod_dav: Fix a denial of service via MERGE request
    (Closes: #717272)
  * New modules mod_cache_socache, mod_proxy_wstunnel.
  * mod_ssl: Add support for subjectAltName-based host name checking in proxy
    mode (SSLProxyCheckPeerName).
  * mod_lua: Many new functions.
  * mod_auth_basic: Add a generic mechanism to fake basic authentication
    using the ap_expr parser (AuthBasicFake).
  * mod_proxy: New BalancerInherit and ProxyPassInherit options.
  * mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password.

  [ Arno Töll ]
  * Document our security model in our NEWS file and highlight we do not allow
    access to /srv. Thanks to joeyh for pointing this out.
  * Allow the use of apache2-maintscript-helper from a sub-function. We rely
    on dpkg's arguments supplied in $1, $2 etc. This clashes with function
    arguments supplied to to sh sub-function. Allow manual override in such
  * Mention that the dh_apache2 conditional must be present in postrm too
    (Closes: #716694)
  * Fix "dh_apache2 ignores alternative httpd on conf files" by correctly
    checking the supplied arguments, we were off by one (Closes: #717299).
  * Reinstall index.html also on upgrades as it is removed during upgrades.
  * Add mod_macro transitional package as it was promoted to core and does not
    exist as individual package anymore (Closes: #706962)

  [ Stefan Fritsch ]
  * Don't fail package upgrade or removal just because the configuration is in
    an inconsistent state (Closes: #716921, #717343, LP: #1202653).
  * Improve error output of init script.
  * Fix broken dependency information in several *.load files.
  * Add mod_authn_core as dependency of the mod_auth_* modules.
    (Closes: #717448)
 -- Marc Desla...


Changed in apache2 (Ubuntu):
status: New → Fix Released
Changed in apache2 (Debian):
status: New → Fix Committed
Changed in apache2 (Debian):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.