Please merge apache2 2.2.14-5(main) from debian squeeze(main)

Bug #506862 reported by Bhavani Shankar on 2010-01-13
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Undecided
Mathias Gug

Bug Description

Binary package hint: apache2

Debian Changelog:

 apache2 (2.2.14-5) unstable; urgency=low

   * Security: Further mitigation for the TLS renegotiation attack
     (CVE-2009-3555): Disable keep-alive if parts of the next request have
     already been received when doing a renegotiation. This defends against
     some request splicing attacks.
   * Print a useful error message if 'apache2ctl status' fails. Add a comment
     to /etc/apache2/envvars on how to change the options for www-browser.
     Closes: #561496, #272069
   * Improve function to detect apache2 pid in init-script (closes: #562583).
   * Add hint README.Debian on how to pass auth info to CGI scripts.
     Closes: #483219
   * Re-introduce objcopy magic to avoid dangling symlinks to the debug info
     in the mpm packages. Closes: #563278
   * Make apxs2 use a2enmod and /etc/apache2/mods-available. Closes: #470178,
     LP: #500703
   * Point to README.backtrace in apache2-dbg's description.
   * Use more debhelper functions to simplify debian/rules.
   * Add misc-depends to various packages to make lintian happy.
   * Change build-dep from libcap2-dev to libcap-dev because of package rename.

 -- Stefan Fritsch <email address hidden> Sat, 02 Jan 2010 22:44:15 +0100

Bhavani Shankar (bhavi) wrote :
Changed in apache2 (Ubuntu):
status: New → Confirmed
Mathias Gug (mathiaz) wrote :

Acked. I'll upload the package once alpha2 has been released.

Changed in apache2 (Ubuntu):
status: Confirmed → Fix Committed
assignee: nobody → Mathias Gug (mathiaz)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apache2 - 2.2.14-5ubuntu1

---------------
apache2 (2.2.14-5ubuntu1) lucid; urgency=low

  * Merge from debian testing. Remaining changes: LP: #506862
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree.

apache2 (2.2.14-5) unstable; urgency=low

  * Security: Further mitigation for the TLS renegotiation attack
    (CVE-2009-3555): Disable keep-alive if parts of the next request have
    already been received when doing a renegotiation. This defends against
    some request splicing attacks.
  * Print a useful error message if 'apache2ctl status' fails. Add a comment
    to /etc/apache2/envvars on how to change the options for www-browser.
    Closes: #561496, #272069
  * Improve function to detect apache2 pid in init-script (closes: #562583).
  * Add hint README.Debian on how to pass auth info to CGI scripts.
    Closes: #483219
  * Re-introduce objcopy magic to avoid dangling symlinks to the debug info
    in the mpm packages. Closes: #563278
  * Make apxs2 use a2enmod and /etc/apache2/mods-available. Closes: #470178,
    LP: #500703
  * Point to README.backtrace in apache2-dbg's description.
  * Use more debhelper functions to simplify debian/rules.
  * Add misc-depends to various packages to make lintian happy.
  * Change build-dep from libcap2-dev to libcap-dev because of package rename.
 -- Bhavani Shankar <email address hidden> Wed, 13 Jan 2010 14:28:41 +0530

Changed in apache2 (Ubuntu):
status: Fix Committed → Fix Released