diff -u apache2-2.2.8/debian/control apache2-2.2.8/debian/control
--- apache2-2.2.8/debian/control
+++ apache2-2.2.8/debian/control
@@ -1,7 +1,8 @@
 Source: apache2
 Section: web
 Priority: optional
-Maintainer: Debian Apache Maintainers
+Maintainer: Ubuntu Core Developers
+XSBC-Original-Maintainer: Debian Apache Maintainers
 Uploaders: Tollef Fog Heen , Thom May , Fabio M. Di Nitto , Adam Conrad , Peter Samuelson , Stefan Fritsch
 Build-Depends: debhelper (>=4.1.16), dpatch, lsb-release, libaprutil1-dev, libapr1-dev (>= 1.2.7-6), openssl, libpcre3-dev, libtool, mawk, zlib1g-dev, libssl-dev, sharutils
 Standards-Version: 3.7.3.0
diff -u apache2-2.2.8/debian/changelog apache2-2.2.8/debian/changelog
--- apache2-2.2.8/debian/changelog
+++ apache2-2.2.8/debian/changelog
@@ -1,3 +1,19 @@
+apache2 (2.2.8-1ubuntu0.1) hardy-security; urgency=high
+
+ * SECURITY UPDATE:
+ + debian/patches/100_CVE-2008-2364.dpatch (LP: #239894)
+ - The ap_proxy_http_process_response function in mod_proxy_http.c
+ in the mod_proxy module does not limit the number of forwarded
+ interim responses, which allows remote HTTP servers to cause a
+ denial of service (memory consumption) via a large number of
+ interim responses.
+ + References
+ - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364
+
+ * Update Maintainer
+
+ -- Emanuele Gentili Sat, 14 Jun 2008 03:31:23 +0200
+
 apache2 (2.2.8-1) unstable; urgency=low
 
 * New upstream version:
diff -u apache2-2.2.8/debian/patches/00list apache2-2.2.8/debian/patches/00list
--- apache2-2.2.8/debian/patches/00list
+++ apache2-2.2.8/debian/patches/00list
@@ -19,0 +20 @@
+100_CVE-2008-2364.dpatch
only in patch2:
unchanged:
--- apache2-2.2.8.orig/debian/patches/100_CVE-2008-2364.dpatch
+++ apache2-2.2.8/debian/patches/100_CVE-2008-2364.dpatch
@@ -0,0 +1,87 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 100_CVE-2008-2364.dpatch by Emanuele Gentili
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad apache2-2.2.8~/modules/proxy/mod_proxy_http.c apache2-2.2.8/modules/proxy/mod_proxy_http.c
+--- apache2-2.2.8~/modules/proxy/mod_proxy_http.c 2007-12-08 15:01:47.000000000 +0100
++++ apache2-2.2.8/modules/proxy/mod_proxy_http.c 2008-06-14 03:30:23.000000000 +0200
+@@ -1309,6 +1309,16 @@
+ return rv;
+ }
+
++/*
++ * Limit the number of interim respones we sent back to the client. Otherwise
++ * we suffer from a memory build up. Besides there is NO sense in sending back
++ * an unlimited number of interim responses to the client. Thus if we cross
++ * this limit send back a 502 (Bad Gateway).
++ */
++#ifndef AP_MAX_INTERIM_RESPONSES
++#define AP_MAX_INTERIM_RESPONSES 10
++#endif
++
+ static
+ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
+ proxy_conn_rec *backend,
+@@ -1323,8 +1333,8 @@
+ apr_bucket *e;
+ apr_bucket_brigade *bb, *tmp_bb;
+ int len, backasswards;
+- int interim_response; /* non-zero whilst interim 1xx responses
+- * are being read. */
++ int interim_response = 0; /* non-zero whilst interim 1xx responses
++ * are being read. */
+ int pread_len = 0;
+ apr_table_t *save_table;
+ int backend_broke = 0;
+@@ -1339,6 +1349,7 @@
+ */
+
+ rp = ap_proxy_make_fake_req(origin, r);
++ ap_proxy_pre_http_request(origin, rp);
+ /* In case anyone needs to know, this is a fake request that is really a
+ * response.
+ */
+@@ -1469,8 +1480,7 @@
+ if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
+ ap_set_content_type(r, apr_pstrdup(p, buf));
+ }
+- ap_proxy_pre_http_request(origin,rp);
+-
++
+ /* Clear hop-by-hop headers */
+ for (i=0; hop_by_hop_hdrs[i]; ++i) {
+ apr_table_unset(r->headers_out, hop_by_hop_hdrs[i]);
+@@ -1518,7 +1528,12 @@
+ backend->close += 1;
+ }
+
+- interim_response = ap_is_HTTP_INFO(r->status);
++ if (ap_is_HTTP_INFO(r->status)) {
++ interim_response++;
++ }
++ else {
++ interim_response = 0;
++ }
+ if (interim_response) {
+ /* RFC2616 tells us to forward this.
+ *
+@@ -1711,7 +1726,15 @@
+
+ apr_brigade_cleanup(bb);
+ }
+- } while (interim_response);
++ } while (interim_response && (interim_response < AP_MAX_INTERIM_RESPONSES));
++
++ /* See define of AP_MAX_INTERIM_RESPONSES for why */
++ if (interim_response >= AP_MAX_INTERIM_RESPONSES) {
++ return ap_proxyerror(r, HTTP_BAD_GATEWAY,
++ apr_psprintf(p,
++ "Too many (%d) interim responses from origin server",
++ interim_response));
++ }
+
+ /* If our connection with the client is to be aborted, return DONE. */
+ if (c->aborted || backend_broke) {
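Review bot: The new early exit after the loop, `return ap_proxyerror(r, HTTP_BAD_GATEWAY, ...)` in the last inner hunk of the dpatch, returns while the origin may still be mid-stream with further 1xx responses, and nothing in the visible lines marks that backend connection as non-reusable. Unless the caller already closes the backend on every non-OK status (not visible here, since ap_proxy_http_process_response starts and ends outside the hunk), add `backend->close += 1;` before the return so the connection is not handed back for another request. The dpatch header also still reads `## DP: No description.`; for a security upload it should state what the patch does, e.g. `## DP: Limit forwarded interim (1xx) responses in mod_proxy_http (CVE-2008-2364).`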