Bug#687114: pu: package apache2/2.2.16-6+squeeze8

To: Stefan Fritsch <sf@sfritsch.de>, 687114@bugs.debian.org
Subject: Bug#687114: pu: package apache2/2.2.16-6+squeeze8
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 11 Sep 2012 21:04:28 +0100
Message-id: <[🔎] 1347393868.5105.3.camel@jacala.jungle.funky-badger.org>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 687114@bugs.debian.org
In-reply-to: <[🔎] 20120909212357.13331.75053.reportbug@k.lan>
References: <[🔎] 20120909212357.13331.75053.reportbug@k.lan>

Control: tags -1 + squeeze confirmed

On Sun, 2012-09-09 at 23:23 +0200, Stefan Fritsch wrote:
> Please review apache2_2.2.16-6+squeeze8 for inclusion in squeeze. It fixes
> a minor security issue and some important bugs:
> 
>    * CVE-2012-2687: mod_negotiation: Escape filenames in variant list to
>      prevent a possible XSS vulnerability for a site where untrusted users
>      can upload files to a location with MultiViews enabled.
>    * Send 408 status instead of 400 if reading of a request fails with a
>      timeout. This allows browsers to retry. Closes: #677086
>    * mod_cache: Prevent Partial Content responses from being cached and served
>      as normal response. Closes: #671204
>    * mpm_itk: Fix an issue where users can sometimes get spurious 403s on
>      persistent connections. Closes: #672333

Assuming that the resulting package has been tested on a squeeze system,
please go ahead; thanks.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#687114: pu: package apache2/2.2.16-6+squeeze8
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#687114: pu: package apache2/2.2.16-6+squeeze8
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Bug#685633: pu: package network-manager/0.8.1-6+squeeze2
Next by Date: Processed: Re: Bug#687114: pu: package apache2/2.2.16-6+squeeze8
Previous by thread: Bug#687114: pu: package apache2/2.2.16-6+squeeze8
Next by thread: Bug#687114: pu: package apache2/2.2.16-6+squeeze8
Index(es):
- Date
- Thread