This bug was fixed in the package apache2 - 2.2.21-3ubuntu1

---------------
apache2 (2.2.21-3ubuntu1) precise; urgency=low

  * Merge from Debian testing. Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw
      profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase,
      debian/config-dir/mods-available/ssl.conf: Plymouth aware passphrase
      dialog program ask-for-passphrase.

apache2 (2.2.21-3) unstable; urgency=medium

  * Fix CVE-2011-4317: Prevent unintended pattern expansion in some
    reverse proxy configurations. (Similar to CVE-2011-3368, but different
    attack vector.)
  * Fix CVE-2011-3607: Integer overflow in ap_pregsub could cause segfault
    via malicious .htaccess.
  * Mention dpkg-statoverride for changing permissions of suexec.
    LP: #897120
  * Fix broken link in docs. Closes: #650528
  * Remove Tollef Fog Heen, Thom May, and Peter Samuelson from uploaders.
    Thanks for your work in the past.

 -- Chuck Short <zul...@ubuntu.com>  Fri, 09 Dec 2011 05:20:43 +0000

** Changed in: apache2 (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3368

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3607

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4317

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/897120

Title:
  apache2-suexec-custom changes permissions on suexec binary