Hi stable release managers,

please review apache2 2.2.3-4+etch6 for inclusion in etch r5. It fixes a couple of minor security issues and two severe bugs for which the patches had not received enough testing at the time of the last upload.

apache2 (2.2.3-4+etch6) stable; urgency=low

  * Fix CVE-2007-6388: XSS in mod_status
  * Fix CVE-2008-2939: XSS in mod_proxy_ftp
  * Fix CVE-2008-2364: DoS in mod_proxy_http
  * Fix salt generation weakness in htpasswd (Closes: #489899)
  * Fix processes hanging on graceful restart or shutdown with prefork MPM.
  * mod_cache: Handle If-Range correctly if the cached resource was stale.
    This fixes problems when using apt with mod_cache (closes: #470652).

The full debdiff is at http://www.sfritsch.de/~stf/2.2.3-4+etch6.debdiff

The fix for the graceful restart issue requires a _sourceful_ upload of apache2-mpm-itk because its patches will no longer apply cleanly. Also, the version of apache2-mpm-itk in etch still has that bug that it won't FTBFS if it can't apply the patches, but produce broken binaries instead. That could be fixed in the same upload.

I can do the upload of apache2-mpm-itk after apache2 has been built on all architectures, or sesse can do it if he wants to.

Cheers,
Stefan