-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 28 Sep 2014 18:50:54 +0200 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source all amd64 Version: 2.2.16-6+squeeze13 Distribution: squeeze-lts Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Holger Levsen <holger@debian.org> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Changes: apache2 (2.2.16-6+squeeze13) squeeze-lts; urgency=medium . * Non-maintainer upload by the Squeeze LTS Team. * SECURITY UPDATE: resource consumption via mod_deflate body decompression - debian/patches/CVE-2014-0118.dpatch: added new configuration options DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst in modules/filters/mod_deflate.c. * SECURITY UPDATE: denial of service via race in mod_status - debian/patches/CVE-2014-0226.dpatch: fix race by adding ap_copy_scoreboard_worker() to include/scoreboard.h, modules/generators/mod_status.c, server/scoreboard.c. * SECURITY UPDATE: denial of service in mod_cgid - debian/patches/CVE-2014-0231.dpatch: added new configuration option CGIDScriptTimeout in modules/generators/mod_cgid.c. * SECURITY UPDATE: denial of service via mod_dav incorrect end of string calculation - debian/patches/CVE-2013-6438.dpatch: properly calculate correct length in modules/dav/main/util.c. * Thanks to Marc Deslauriers from the Ubuntu Security team for the patches! Checksums-Sha1: 2bd83719b1cfa89de7654ff47e93bc432a208b1b 2476 apache2_2.2.16-6+squeeze13.dsc 2db5783cacf8f248a93ec47f88e702d95319c613 236837 apache2_2.2.16-6+squeeze13.diff.gz d1f1d26a5288745f132deec29dd130d57a0606e3 2307734 apache2-doc_2.2.16-6+squeeze13_all.deb 6d8a935c1eb70bc330c7935f3db3d5817f5398ba 309538 apache2.2-common_2.2.16-6+squeeze13_amd64.deb ac94cfb932135bc620eb6ab334a55cb0490ecde0 1446578 apache2.2-bin_2.2.16-6+squeeze13_amd64.deb 944d2f0675b0941efc88dc0ea357836ddd8f89cf 2232 apache2-mpm-worker_2.2.16-6+squeeze13_amd64.deb 5d00f4d0c73bb835941f15ebd1bea04d80df9186 2296 apache2-mpm-prefork_2.2.16-6+squeeze13_amd64.deb f42a3d411b3f79ff116e633e17309875a1eb52d6 2270 apache2-mpm-event_2.2.16-6+squeeze13_amd64.deb b35dd627ed345daaa93911d2c816fa64e2c72211 2288 apache2-mpm-itk_2.2.16-6+squeeze13_amd64.deb 0361decbd207c37ddc6c9c628bdaad19ba96e938 168404 apache2-utils_2.2.16-6+squeeze13_amd64.deb 4a5c4d57704badc95cf1078b0981ea6988490ddb 101230 apache2-suexec_2.2.16-6+squeeze13_amd64.deb e6dbc57b3b3d458e70d8e65b986e23653a701303 102916 apache2-suexec-custom_2.2.16-6+squeeze13_amd64.deb 36261b5856d398a4b37f74287ea001c2a9bf8048 1400 apache2_2.2.16-6+squeeze13_amd64.deb 1d8ac5eb65badc16c1cfce0c4be66cf86e23dba1 137742 apache2-prefork-dev_2.2.16-6+squeeze13_amd64.deb 736595e6cf39472796644a9215dbc9b898cc13dc 138812 apache2-threaded-dev_2.2.16-6+squeeze13_amd64.deb 579d85a6bc073bb359a8c172516bc78f94d9b426 2778094 apache2-dbg_2.2.16-6+squeeze13_amd64.deb Checksums-Sha256: 1e01a8fd7560686b4306465e6db0b0b8682b6e93fb75fe94ec623796d6a0ff4e 2476 apache2_2.2.16-6+squeeze13.dsc 7296849e9e3fc473f608a7be5df73d319b1cd3299c99f8e679a03f99e5b38e71 236837 apache2_2.2.16-6+squeeze13.diff.gz 31f65445f82698f7f5b18b51d2b0f33abf3ea3fd2d3326d82030caf709418d3f 2307734 apache2-doc_2.2.16-6+squeeze13_all.deb 4a710ebe749689d2c0f0ed7d18d639580f2b2a14c04308230a28b97d960e9fcb 309538 apache2.2-common_2.2.16-6+squeeze13_amd64.deb c68428195f3be173d5f42d990a413d70f0b9c918b98d8bbc99e47f47f1c5c0e4 1446578 apache2.2-bin_2.2.16-6+squeeze13_amd64.deb ac69f9f11d8dff7d43c901e85e78c9e3d989e63df1089de398de2541f34be59c 2232 apache2-mpm-worker_2.2.16-6+squeeze13_amd64.deb 2c54a0eb0b201e1769e93f0faf1493c95b03cd567fb314c8fa52142afa378042 2296 apache2-mpm-prefork_2.2.16-6+squeeze13_amd64.deb ac9459292f0324da59abcf425d9c3bd5e10be1f0ef8a2cf02d8c2c37041d4468 2270 apache2-mpm-event_2.2.16-6+squeeze13_amd64.deb dba24acb63f4643aebac47ad10fd72d3b6335f20067e91b96b81930bb868a678 2288 apache2-mpm-itk_2.2.16-6+squeeze13_amd64.deb 56ce611e6b883ad0486c060e7ba89fd5be3e01f41cd27d41d7992ca3c489f75b 168404 apache2-utils_2.2.16-6+squeeze13_amd64.deb c89012db6191257507b5f095dd9cd5c4ddae34fa72673ede07311910bda657d4 101230 apache2-suexec_2.2.16-6+squeeze13_amd64.deb 96e8ec1b3bb00c39264ae054b0d2c87472f6b71ef0eceea1deb8c47f7aa1ceea 102916 apache2-suexec-custom_2.2.16-6+squeeze13_amd64.deb 4f3d33bf33f9e0ddd667b01f07f775d1c2688311247f80bcf9f0b0ed821954e3 1400 apache2_2.2.16-6+squeeze13_amd64.deb 88971434f648389ab611ded9ceee760bc9c9253413a8536f283d6cc31da707a7 137742 apache2-prefork-dev_2.2.16-6+squeeze13_amd64.deb 0e749b4e48b344ab48c5602cdc6d2bd775bf767f5a979c5a39c2f1be05f41366 138812 apache2-threaded-dev_2.2.16-6+squeeze13_amd64.deb 3b6912b0b7e6f6e2605c9e8f40b02eb56fc2df943d524a2cef1f29a292ebd63d 2778094 apache2-dbg_2.2.16-6+squeeze13_amd64.deb Files: b0990908407079a425d9a1e9303fb01f 2476 httpd optional apache2_2.2.16-6+squeeze13.dsc 92a1a5bffd9566d6caec8890d273a76a 236837 httpd optional apache2_2.2.16-6+squeeze13.diff.gz ce501dada39734270b649b4da5369f57 2307734 doc optional apache2-doc_2.2.16-6+squeeze13_all.deb 524c3783351e902d09a0616ef044065f 309538 httpd optional apache2.2-common_2.2.16-6+squeeze13_amd64.deb e5e1ddc52db4ac6f6bfe7b81e236102f 1446578 httpd optional apache2.2-bin_2.2.16-6+squeeze13_amd64.deb d3d6e99fcf44e84ad50b809818bac794 2232 httpd optional apache2-mpm-worker_2.2.16-6+squeeze13_amd64.deb eea74685a7e1ea14c5ebedb563879d03 2296 httpd optional apache2-mpm-prefork_2.2.16-6+squeeze13_amd64.deb 5a5ed6070bb1f71c4433a3ac7dcf6ac6 2270 httpd optional apache2-mpm-event_2.2.16-6+squeeze13_amd64.deb 66cd8b2b6f9aef1c985cc83b3767e967 2288 httpd extra apache2-mpm-itk_2.2.16-6+squeeze13_amd64.deb f008aa0e3ee2f2b3d4259e7e5819fa21 168404 httpd optional apache2-utils_2.2.16-6+squeeze13_amd64.deb dd0d6db672b372b94e4ef26411e67f22 101230 httpd optional apache2-suexec_2.2.16-6+squeeze13_amd64.deb c7943919cc5d15ca619826fe3219a66d 102916 httpd extra apache2-suexec-custom_2.2.16-6+squeeze13_amd64.deb 9a07e4e34b22199720103a1ffce5f260 1400 httpd optional apache2_2.2.16-6+squeeze13_amd64.deb 8897e64d6919461a77acdd13337aac0c 137742 httpd extra apache2-prefork-dev_2.2.16-6+squeeze13_amd64.deb 238e52d8bb5e024050081e415a7cc399 138812 httpd extra apache2-threaded-dev_2.2.16-6+squeeze13_amd64.deb cde144461594e5eb85da3385725f8602 2778094 debug extra apache2-dbg_2.2.16-6+squeeze13_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUBVClXuQkauFYGmqocAQgTOg/+Pugg88Q5rpOg8InBSpI7rXXBSVCGCFPX lJXbILTZMYib+TGjCk2jePicK787jpP5SMkg2XeTv7EzseL96K/O18vO5kyUTp1i OfrAC0lKKg0+PlOCVbfhI328afQsTlg0YPARnLyI6pezVdQjL7JjKataNeUOu5vP 1llJxKhWnc8tcNfKXuM3vd6ANvmTM1BgqBSBRL6Et927iHggLu3rDo9qz3TCKR3t N1E+Rq4TBkf7u7LccruF0GT68QmDJnkZ+k1KlhA/Nh7HgHFyziVejYKOtoyYgV0M 46bmt7vYOhTP9vh+1mkNzmMmF+jX63IN6r0GybJCmjrGPw0GlO8HZwT9n/NHZMy+ 2UJb9OV5JuxCpYKkgqrIiQj7c+cTxdQZ1v5uxJ7J1qMz7+VlhOU6orT/1ZRzTZSt e0G5xjqzfaZ2llhUMhYEjjEWABlBJtbAMWIBC2ujAOFQokuWrcQXFJ6rq72V3iU9 HZ1DUvxj10HeDLyj51kJ/dNHOIp50keVp3IIgl6QyzPJi38PyWkDmaPZ3vj4wZCg 4EEJ+W/hVH2S55VGUobqBlEGRUm1WFzQ7aUiMCwuxJ7VOvePLiUGHrNEpW1oQ17A 1EoidoQKF4dq2Ob+ps6faonVn+/CvHuAsbv9eRWOuSiA7nAJopFSQGfXmYOGEC7s 6HYO12vpjlk= =ABIj -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-lts-changes-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/E1XYaqq-0001AO-T6@franck.debian.org