Public bug reported:
Binary package hint: apache2
Apache2 in an LTS release would greatly benefit from some recent changes
in the Debian package:
In 2.2.14-6:
* Add a hook to apache2.2-common's postrm script that may come in handy
when upgrading to 2.4.
This may allow to do the 2.2 -> 2.4 upgrade in a cleaner way than the
hack that was done for 2.0 -> 2.2 (which involved apache2.2-common
deleting apache2-common's postrm script).
In 2.2.15:
- mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure
renegotiation with clients which do not yet support the secure
renegotiation protocol. As this requires openssl 0.9.8m, bump
build dependency accordingly.
This allows an admin to configure how to treat clients that are
vulnerable to CVE-2009-3555. Also, 2.2.15 has some improved protection
for vulnerable clients.
In case you want to update to the most recent version despite the
sizable changes, you should use 2.2.15-3, which has some important bug
fixes over 2.2.15-2.
** Affects: apache2 (Ubuntu)
Importance: Undecided
Status: New
--
consider a newer version of apache2 for lucid or backport some changes
https://bugs.launchpad.net/bugs/551221
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
