Comment 24 for bug 1394403

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apache2 - 2.4.7-1ubuntu4.13

---------------
apache2 (2.4.7-1ubuntu4.13) trusty-security; urgency=medium

  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
    - debian/patches/CVE-2016-5387.patch: don't pass through HTTP_PROXY in
      server/util_script.c.
    - CVE-2016-5387
  * This update does _not_ contain the changes from (2.4.7-1ubuntu4.12) in
    trusty-proposed.

 -- Marc Deslauriers <email address hidden> Thu, 14 Jul 2016 08:40:55 -0400