This bug was fixed in the package apache2 - 2.4.6-2ubuntu1

---------------
apache2 (2.4.6-2ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, apache2.install, apache2-utils.ufw.profile, apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - debian/control, debian/config-dir/mods-available/ssl.conf, debian/ask-for-passphrase, debian/apache2.install: Plymouth aware passphrase dialog program ask-for-passphrase.
    - debian/rules: Fix cross-building by passing DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross fixes from upstream
  * Dropped changes:
    - debian/patches/CVE-2013-1896.patch: upstream
  * Fixed module dependencies (LP: #1205314)
    - debian/config-dir/mods-available/lbmethod_*: properly specify proxy_balancer, not mod_proxy_balancer.

apache2 (2.4.6-2) unstable; urgency=low

  [ Stefan Fritsch ]
  * Fix watch file
  * Don't pass --silent to libtool, allowing blhc to check the compiler options in the build logs.

  [ Arno Töll ]
  * Allow third party packages to use triggers if they use them in a maintainer script invoking apache2-maintscript-helper (Closes: #717610)

apache2 (2.4.6-1) unstable; urgency=low

  New upstream release:
  * CVE-2013-1896: mod_dav: Fix a denial of service via MERGE request (Closes: #717272)
  * New modules mod_cache_socache, mod_proxy_wstunnel.
  * mod_ssl: Add support for subjectAltName-based host name checking in proxy mode (SSLProxyCheckPeerName).
  * mod_lua: Many new functions.
  * mod_auth_basic: Add a generic mechanism to fake basic authentication using the ap_expr parser (AuthBasicFake).
  * mod_proxy: New BalancerInherit and ProxyPassInherit options.
  * mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password.

  [ Arno Töll ]
  * Document our security model in our NEWS file and highlight we do not allow access to /srv. Thanks to joeyh for pointing this out.
  * Allow the use of apache2-maintscript-helper from a sub-function. We rely on dpkg's arguments supplied in $1, $2 etc. This clashes with function arguments supplied to sh sub-function. Allow manual override in such cases.
  * Mention that the dh_apache2 conditional must be present in postrm too (Closes: #716694)
  * Fix "dh_apache2 ignores alternative httpd on conf files" by correctly checking the supplied arguments, we were off by one (Closes: #717299).
  * Reinstall index.html also on upgrades as it is removed during upgrades.
  * Add mod_macro transitional package as it was promoted to core and does not exist as individual package anymore (Closes: #706962)

  [ Stefan Fritsch ]
  * Don't fail package upgrade or removal just because the configuration is in an inconsistent state (Closes: #716921, #717343, LP: #1202653).
  * Improve error output of init script.
  * Fix broken dependency information in several *.load files.
  * Add mod_authn_core as dependency of the mod_auth_* modules. (Closes: #717448)

 -- Marc Deslauriers