[Bug 616759] Re: CVE-2009-3555 tracking bug

Launchpad Bug Tracker Tue, 21 Sep 2010 07:36:19 -0700

This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.18

---------------
apache2 (2.2.8-1ubuntu0.18) hardy-security; urgency=low


  * debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once
    openssl gets updated to fix CVE-2009-3555, server renegotiations with
    unpatched clients will fail. This patch adds the ability to revert to
    the previous unsafe behaviour with a new SSLInsecureRenegotiation
    directive. (LP: #616759)
  * debian/control: add specific dependency on first openssl version to get
    CVE-2009-3555 fix.
 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>   Mon, 16 Aug 2010 13:39:40 
-0400

** Changed in: apache2 (Ubuntu Hardy)
       Status: In Progress => Fix Released

** Changed in: openssl (Ubuntu Hardy)
       Status: In Progress => Fix Released

-- 
CVE-2009-3555 tracking bug
https://bugs.launchpad.net/bugs/616759
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 616759] Re: CVE-2009-3555 tracking bug

Reply via email to