Bug#687114: pu: package apache2/2.2.16-6+squeeze8
Control: tags -1 + squeeze confirmed
On Sun, 2012-09-09 at 23:23 +0200, Stefan Fritsch wrote:
> Please review apache2_2.2.16-6+squeeze8 for inclusion in squeeze. It fixes
> a minor security issue and some important bugs:
>
> * CVE-2012-2687: mod_negotiation: Escape filenames in variant list to
> prevent a possible XSS vulnerability for a site where untrusted users
> can upload files to a location with MultiViews enabled.
> * Send 408 status instead of 400 if reading of a request fails with a
> timeout. This allows browsers to retry. Closes: #677086
> * mod_cache: Prevent Partial Content responses from being cached and served
> as normal response. Closes: #671204
> * mpm_itk: Fix an issue where users can sometimes get spurious 403s on
> persistent connections. Closes: #672333
Assuming that the resulting package has been tested on a squeeze system,
please go ahead; thanks.
Regards,
Adam
Reply to: