apache2 (2.2.14-2ubuntu1) lucid; urgency=low * Merge from debian testing, remaining changes: - debian/{control, rules}: Enable PIE hardening. - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles. - debian/conrol: Add bzr tag and point it to our tree. - removed debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: it was already dropped from 00list, so just remove the patch entirely
apache2 (2.2.14-2) unstable; urgency=medium * Security: Reject any client-initiated SSL/TLS renegotiations. This is a partial fix for the TLS renegotiation prefix injection attack (CVE-2009-3555). Any configuration which requires renegotiation for per-directory/location access control is still vulnerable. * Allow RemoveType to override the types from /etc/mime.types. This allows to use .es and .tr for Spanish and Turkish files in mod_negotiation. Closes: #496080 * Fix 'CacheEnable disk http://'. Closes: #442266 * Fix missing dependency by changing killall to pkill in the init script. LP: #460692 * Add X-Interactive header to init script as it may ask for the ssl key passphrase. Closes: #554824 * Move httxt2dbm man page into apache2.2-bin, which includes httxt2dbm, too. * Enable keepalive for MSIE 7 and newer in default-ssl site and README.Debian Date: Thu, 12 Nov 2009 16:09:30 -0600 Changed-By: Jamie Strandboge <ja...@ubuntu.com> Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/lucid/+source/apache2/2.2.14-2ubuntu1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 12 Nov 2009 16:09:30 -0600 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source Version: 2.2.14-2ubuntu1 Distribution: lucid Urgency: medium Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Jamie Strandboge <ja...@ubuntu.com> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Closes: 442266 496080 554824 Changes: apache2 (2.2.14-2ubuntu1) lucid; urgency=low . * Merge from debian testing, remaining changes: - debian/{control, rules}: Enable PIE hardening. - debian/{control, rules, pache2.2-common.ufw.profile}: Add ufw profiles. - debian/conrol: Add bzr tag and point it to our tree. - removed debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch: it was already dropped from 00list, so just remove the patch entirely . apache2 (2.2.14-2) unstable; urgency=medium . * Security: Reject any client-initiated SSL/TLS renegotiations. This is a partial fix for the TLS renegotiation prefix injection attack (CVE-2009-3555). Any configuration which requires renegotiation for per-directory/location access control is still vulnerable. * Allow RemoveType to override the types from /etc/mime.types. This allows to use .es and .tr for Spanish and Turkish files in mod_negotiation. Closes: #496080 * Fix 'CacheEnable disk http://'. Closes: #442266 * Fix missing dependency by changing killall to pkill in the init script. LP: #460692 * Add X-Interactive header to init script as it may ask for the ssl key passphrase. Closes: #554824 * Move httxt2dbm man page into apache2.2-bin, which includes httxt2dbm, too. * Enable keepalive for MSIE 7 and newer in default-ssl site and README.Debian Checksums-Sha1: 4b685caf660cc04ba323d9ebb8c812cf9f7fa19f 2008 apache2_2.2.14-2ubuntu1.dsc 529b4c4e0737c679430ab0d1b8d04711bc2bf8a4 185939 apache2_2.2.14-2ubuntu1.diff.gz Checksums-Sha256: cc366ed1069603e6687af9eacffc218f305a427c6caf09d53ceea1ed5b2765c4 2008 apache2_2.2.14-2ubuntu1.dsc 7dc16d701a7bd3cfc5a2433250d0e6ba50c1c1e9d8f808b234f0582b9027077d 185939 apache2_2.2.14-2ubuntu1.diff.gz Files: 336777c2e677c623384e8a8c09073163 2008 httpd optional apache2_2.2.14-2ubuntu1.dsc e1ec0d0d87ad160f4018f3b25133971f 185939 httpd optional apache2_2.2.14-2ubuntu1.diff.gz Launchpad-Bugs-Fixed: 460692 Original-Maintainer: Debian Apache Maintainers <debian-apa...@lists.debian.org> Original-Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2 Original-Vcs-Svn: svn://svn.debian.org/pkg-apache/trunk/apache2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkr8kAEACgkQW0JvuRdL8BpYFwCgkH9NNL+1UqMxzGqfHXBcg1rP ObMAoJt2BaaQREaAvlqj65RYpXVsxTR1 =yNsl -----END PGP SIGNATURE-----
-- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes