* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch courtesy of Michael Jeanson)
- debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
0.9 protocol
- CVE-2011-3368
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* SECURITY UPDATE: mpm-itk failure to drop privileges in certain
configurations
- debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
configurations correctly
- CVE-2011-1176
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option along
with a fix staged for 2.2.22.
-- Steve Beattie <email address hidden> Wed, 02 Nov 2011 17:21:04 -0700
This bug was fixed in the package apache2 - 2.2.17-1ubuntu1.4
---------------
apache2 (2.2.17-1ubuntu1.4) natty-security; urgency=low
* SECURITY UPDATE: mod_proxy reverse proxy exposure (LP: #877740)
- debian/patches/212_CVE-2011-3368.dpatch: return 400
on invalid requests. (patch courtesy of Michael Jeanson)
- debian/patches/214_CVE-2011-3368_part2.dpatch: fix same for http
0.9 protocol
- CVE-2011-3368
* SECURITY UPDATE: mod_proxy_ajp denial of service (LP: #871674)
- debian/patches/213_CVE-2011-3348.dpatch: return
HTTP_NOT_IMPLEMENTED when AJP_EBAD_METHOD is requested
- CVE-2011-3348
* SECURITY UPDATE: mpm-itk failure to drop privileges in certain
configurations
- debian/mpm-itk/patches/11-CVE-2011-1176.patch: merge
configurations correctly
- CVE-2011-1176
* Include additional fixes for regressions introduced by
CVE-2011-3192 fixes
- debian/patches/084_CVE-2011-3192_regression_part2.dpatch:
take upstream fixes for byterange_filter.c through the 2.2.21
release except for the added MaxRanges configuration option along
with a fix staged for 2.2.22.
-- Steve Beattie <email address hidden> Wed, 02 Nov 2011 17:21:04 -0700