[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted apache2 2.2.3-4+etch4 (source all i386)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 27 Jan 2008 19:05:30 +0100
Source: apache2
Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork apache2-doc apache2-mpm-event apache2.2-common apache2-mpm-worker apache2-src apache2-threaded-dev apache2-mpm-perchild
Architecture: source all i386
Version: 2.2.3-4+etch4
Distribution: stable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-event - Event driven model for Apache HTTPD 2.1
 apache2-mpm-perchild - Transitional package - please remove
 apache2-mpm-prefork - Traditional model for Apache HTTPD 2.1
 apache2-mpm-worker - High speed threaded model for Apache HTTPD 2.1
 apache2-prefork-dev - development headers for apache2
 apache2-src - Apache source code
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 apache2.2-common - Next generation, scalable, extendable web server
Closes: 399776 421557 453630 453783
Changes: 
 apache2 (2.2.3-4+etch4) stable; urgency=low
 .
   * Fix various cross site scripting vulnerabilities with browsers that do not
     conform to RFC 2616: Apache now adds explicit ContentType and Charset
     headers to the output of various modules, even if AddDefaultCharset is
     commented out. This includes directory indexes generated by mod_autoindex
     and mod_proxy_ftp, which are now marked as iso-8859-1 by default.
     (CVE-2007-4465, CVE-2008-0005, closes: #453783)
     To allow to specify the character set for the directory indexes, the
     Charset and Type IndexOptions and the ProxyFtpDirCharset directive have
     been backported from 2.2.8.
     If you use mod_autoindex and use UTF-8 for your filenames, you should add
     Charset=UTF-8 to the IndexOptions line in /etc/apache2/apache2.conf .
     If you use mod_proxy_ftp, the default charset can be set with the
     ProxyFtpDirCharset directive in /etc/apache2/mods-available/proxy.conf .
     ProxyFtpDirCharset can also be used inside <Proxy ...> </Proxy> blocks to
     set the charset for specific servers.
   * Reduce memory usage of chunk filter and ap_rwrite/ap_rflush
     (Closes: #399776, #421557)
   * More minor security fixes:
     - XSS in mod_imagemap (CVE-2007-5000)
     - XSS in mod_proxy_balancer's balancer manager (CVE-2007-6421)
     - XSS in HTTP method in 413 error message (CVE-2007-6203)
     - possible crash in mod_proxy_balancer's balancer manager (CVE-2007-6422)
   * Fix mod_proxy_balancer configuration file parsing (closes: #453630).
   * Don't ship NEWS.Debian with apache2-utils as it affects only the server.
     Remove bogus reference to 2.2.3-5 from README.Debian, and add note about
     MSIE SSL workaround.
Files: 
 7a9f7cae5c4368048798889955526454 1068 web optional apache2_2.2.3-4+etch4.dsc
 968d61aa99c002e26f9716ba30668311 119551 web optional apache2_2.2.3-4+etch4.diff.gz
 c653dbf159be545ea5f4150349432702 963826 web optional apache2.2-common_2.2.3-4+etch4_i386.deb
 fcee959fa33420648a00c70127022974 423734 web optional apache2-mpm-worker_2.2.3-4+etch4_i386.deb
 ab752e1733e8d807ef6e6f070942e892 419912 web optional apache2-mpm-prefork_2.2.3-4+etch4_i386.deb
 266d8e5f5f43d8ea1ed5eddd793e283a 424260 web optional apache2-mpm-event_2.2.3-4+etch4_i386.deb
 02d5d921ff18d6f669baa75978cfaabb 341652 web optional apache2-utils_2.2.3-4+etch4_i386.deb
 d5505286937f678397f6c3e8cc734a43 408130 devel optional apache2-prefork-dev_2.2.3-4+etch4_i386.deb
 83cd44960ce9e8fef3d205b81c25ed30 408814 devel optional apache2-threaded-dev_2.2.3-4+etch4_i386.deb
 e36c2d1d3f3672e737714b11a5b4267a 274740 web optional apache2-mpm-perchild_2.2.3-4+etch4_all.deb
 c751eb38da32683f6402cce6bf9c52be 41442 web optional apache2_2.2.3-4+etch4_all.deb
 a336153800f26c8875170b20de281fc7 2209280 doc optional apache2-doc_2.2.3-4+etch4_all.deb
 f84520523c20161149c508f00752767a 6615728 devel extra apache2-src_2.2.3-4+etch4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHnMzMbxelr8HyTqQRAnz9AJ0fo83STQrPCTqt3uAhr6PTJ59xzgCgna8l
3VZD992mATegUXxekL6UmEw=
=p49f
-----END PGP SIGNATURE-----


Accepted:
apache2-doc_2.2.3-4+etch4_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.3-4+etch4_all.deb
apache2-mpm-event_2.2.3-4+etch4_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.3-4+etch4_i386.deb
apache2-mpm-perchild_2.2.3-4+etch4_all.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch4_all.deb
apache2-mpm-prefork_2.2.3-4+etch4_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch4_i386.deb
apache2-mpm-worker_2.2.3-4+etch4_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch4_i386.deb
apache2-prefork-dev_2.2.3-4+etch4_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch4_i386.deb
apache2-src_2.2.3-4+etch4_all.deb
  to pool/main/a/apache2/apache2-src_2.2.3-4+etch4_all.deb
apache2-threaded-dev_2.2.3-4+etch4_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch4_i386.deb
apache2-utils_2.2.3-4+etch4_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.3-4+etch4_i386.deb
apache2.2-common_2.2.3-4+etch4_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.3-4+etch4_i386.deb
apache2_2.2.3-4+etch4.diff.gz
  to pool/main/a/apache2/apache2_2.2.3-4+etch4.diff.gz
apache2_2.2.3-4+etch4.dsc
  to pool/main/a/apache2/apache2_2.2.3-4+etch4.dsc
apache2_2.2.3-4+etch4_all.deb
  to pool/main/a/apache2/apache2_2.2.3-4+etch4_all.deb
Reply to: