This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.24
---------------
apache2 (2.2.8-1ubuntu0.24) hardy-security; urgency=low
* SECURITY UPDATE: XSS vulnerability in mod_negotiation
- debian/patches/224_CVE-2012-2687.dpatch: escape filenames in
modules/mappers/mod_negotiation.c.
- CVE-2012-2687
* SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
- debian/patches/225_CVE-2012-4929.dpatch: backport SSLCompression
on|off directive. Defaults to off as enabling compression enables the
CRIME attack.
- CVE-2012-4929
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Tue, 06 Nov 2012 15:01:07
-0500
** Changed in: apache2 (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2687
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1068854
Title:
Support option to disable TLS compression to protect against CRIME
attack
To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1068854/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
