apache2_2.2.22-4_i386.changes ACCEPTED into unstable

To: Stefan Fritsch <sf@debian.org>, Debian Apache Maintainers <debian-apache@lists.debian.org>
Subject: apache2_2.2.22-4_i386.changes ACCEPTED into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 15 Apr 2012 22:02:36 +0000
Message-id: <[🔎] E1SJXWm-0006Av-08@franck.debian.org>



Accepted:
apache2-dbg_2.2.22-4_i386.deb
  to main/a/apache2/apache2-dbg_2.2.22-4_i386.deb
apache2-doc_2.2.22-4_all.deb
  to main/a/apache2/apache2-doc_2.2.22-4_all.deb
apache2-mpm-event_2.2.22-4_i386.deb
  to main/a/apache2/apache2-mpm-event_2.2.22-4_i386.deb
apache2-mpm-itk_2.2.22-4_i386.deb
  to main/a/apache2/apache2-mpm-itk_2.2.22-4_i386.deb
apache2-mpm-prefork_2.2.22-4_i386.deb
  to main/a/apache2/apache2-mpm-prefork_2.2.22-4_i386.deb
apache2-mpm-worker_2.2.22-4_i386.deb
  to main/a/apache2/apache2-mpm-worker_2.2.22-4_i386.deb
apache2-prefork-dev_2.2.22-4_i386.deb
  to main/a/apache2/apache2-prefork-dev_2.2.22-4_i386.deb
apache2-suexec-custom_2.2.22-4_i386.deb
  to main/a/apache2/apache2-suexec-custom_2.2.22-4_i386.deb
apache2-suexec_2.2.22-4_i386.deb
  to main/a/apache2/apache2-suexec_2.2.22-4_i386.deb
apache2-threaded-dev_2.2.22-4_i386.deb
  to main/a/apache2/apache2-threaded-dev_2.2.22-4_i386.deb
apache2-utils_2.2.22-4_i386.deb
  to main/a/apache2/apache2-utils_2.2.22-4_i386.deb
apache2.2-bin_2.2.22-4_i386.deb
  to main/a/apache2/apache2.2-bin_2.2.22-4_i386.deb
apache2.2-common_2.2.22-4_i386.deb
  to main/a/apache2/apache2.2-common_2.2.22-4_i386.deb
apache2_2.2.22-4.debian.tar.gz
  to main/a/apache2/apache2_2.2.22-4.debian.tar.gz
apache2_2.2.22-4.dsc
  to main/a/apache2/apache2_2.2.22-4.dsc
apache2_2.2.22-4_i386.deb
  to main/a/apache2/apache2_2.2.22-4_i386.deb


Changes:
apache2 (2.2.22-4) unstable; urgency=high
 .
  * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
    hosts' config files.
    If scripting modules like mod_php or mod_rivet are enabled on systems
    where either 1) some frontend server forwards connections to an apache2
    backend server on the localhost address, or 2) the machine running
    apache2 is also used for web browsing, this could allow a remote
    attacker to execute example scripts stored under /usr/share/doc.
    Depending on the installed packages, this could lead to issues like cross
    site scripting, code execution, or leakage of sensitive data.


Override entries for your package:
apache2-dbg_2.2.22-4_i386.deb - extra debug
apache2-doc_2.2.22-4_all.deb - optional doc
apache2-mpm-event_2.2.22-4_i386.deb - optional httpd
apache2-mpm-itk_2.2.22-4_i386.deb - extra httpd
apache2-mpm-prefork_2.2.22-4_i386.deb - optional httpd
apache2-mpm-worker_2.2.22-4_i386.deb - optional httpd
apache2-prefork-dev_2.2.22-4_i386.deb - extra httpd
apache2-suexec-custom_2.2.22-4_i386.deb - extra httpd
apache2-suexec_2.2.22-4_i386.deb - optional httpd
apache2-threaded-dev_2.2.22-4_i386.deb - extra httpd
apache2-utils_2.2.22-4_i386.deb - optional httpd
apache2.2-bin_2.2.22-4_i386.deb - optional httpd
apache2.2-common_2.2.22-4_i386.deb - optional httpd
apache2_2.2.22-4.dsc - source httpd
apache2_2.2.22-4_i386.deb - optional httpd

Announcing to debian-devel-changes@lists.debian.org


Thank you for your contribution to Debian.

Reply to:

Prev by Date: Processing of apache2_2.2.22-4_i386.changes
Next by Date: Re: Passing LDFLAGS to Apache modules for hardened build flags
Previous by thread: Processing of apache2_2.2.22-4_i386.changes
Next by thread: apache2_2.2.16-6+squeeze7_i386.changes ACCEPTED into proposed-updates
Index(es):
- Date
- Thread