Bug#642956: pu: package apache2/2.2.16-6+squeeze4
tag 642956 + confirmed squeeze
On Mon, 2011-09-26 at 18:31 +0200, Stefan Fritsch wrote:
> On Monday 26 September 2011, Adam D. Barratt wrote:
> > On Mon, 2011-09-26 at 00:34 +0200, Stefan Fritsch wrote:
> > > Please review apache2/2.2.16-6+squeeze4 for inclusion in s-p-u.
> > > It fixes a minor DoS issue, some bugs in the init script and
> > > adds some docs.
> > Thanks for this. A couple of queries:
> > > * Fix CVE-2011-3348: Possible denial of service in
> > > mod_proxy_ajp
> > >
> > > if combined with mod_proxy_balancer.
> > As far as I can tell from the upload history and the security
> > tracker, this is still unfixed in unstable - is that correct?
> Yes. It's included in upstream 2.2.21 which I will upload to unstable
> shortly. So, the patch has already seen some use and is unlikely to
> introduce regressions.
Please go ahead; thanks.