-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 6 Sep 2005 23:02:02 +1000 Source: apache Binary: apache-dev apache-common apache-doc apache-utils apache apache-dbg apache-perl libapache-mod-perl apache-ssl Architecture: source i386 all Version: 1.3.33-6sarge1 Distribution: stable-security Urgency: high Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Adam Conrad <adconrad@0c3.net> Description: apache - versatile, high-performance HTTP server apache-common - support files for all Apache webservers apache-dbg - debug versions of the Apache webservers apache-dev - development kit for the Apache webserver apache-doc - documentation for the Apache webserver apache-perl - versatile, high-performance HTTP server with Perl support apache-ssl - versatile, high-performance HTTP server with SSL support apache-utils - utility programs for webservers (transitional package) libapache-mod-perl - integration of perl with the Apache web server Closes: 322607 Changes: apache (1.3.33-6sarge1) stable-security; urgency=high . * Add 906_content_length_CAN-2005-2088, resolving an issue in mod_proxy where, when a response contains both Transfer-Encoding and Content-Length headers, the connection can be used for HTTP request smuggling and HTTP request spoofing attacks; see CAN-2005-2088 (closes: #322607) Files: 1fd30bda6f8ced16f68a75b42062e719 1119 web optional apache_1.3.33-6sarge1.dsc 1a34f13302878a8713a2ac760d9b6da8 3105683 web optional apache_1.3.33.orig.tar.gz 9b04027dc8af9fc5c19bef5304d6d1a6 369073 web optional apache_1.3.33-6sarge1.diff.gz 53df3e1f7e47375c957673ff49649ee2 1189326 doc optional apache-doc_1.3.33-6sarge1_all.deb 2690e824569ca7d3b20c22697fff83ac 331258 devel extra apache-dev_1.3.33-6sarge1_all.deb 1a9af803b7bb9ee718c8d2463157c73d 212030 web optional apache-utils_1.3.33-6sarge1_all.deb d1fb460ac66b9c279bb973962c6b37a6 385394 web optional apache_1.3.33-6sarge1_i386.deb fa4e8d3d4c725d0145c78b3f782566d3 492748 web optional apache-ssl_1.3.33-6sarge1_i386.deb 49cff4c1bc76b51806afe487c0a93fd5 504894 web optional apache-perl_1.3.33-6sarge1_i386.deb d39bd56c23b083feeb2d30c1582ac091 9128930 devel extra apache-dbg_1.3.33-6sarge1_i386.deb ad852939fd0e97aa35f731e506888eca 844800 web optional apache-common_1.3.33-6sarge1_i386.deb 0ad21611cc1f3e24e4b51b0b0a76b1bf 485896 web optional libapache-mod-perl_1.29.0.3-6sarge1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDHZeyvjztR8bOoMkRAvOjAJwJ3f0mL7AvhBpJ6ShyhUNVimqFYACgwMVT FgcWRyATk4+fBtNgnFNPQfE= =I7uU -----END PGP SIGNATURE----- Accepted: apache-common_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-common_1.3.33-6sarge1_i386.deb apache-dbg_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-dbg_1.3.33-6sarge1_i386.deb apache-dev_1.3.33-6sarge1_all.deb to pool/main/a/apache/apache-dev_1.3.33-6sarge1_all.deb apache-doc_1.3.33-6sarge1_all.deb to pool/main/a/apache/apache-doc_1.3.33-6sarge1_all.deb apache-perl_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-perl_1.3.33-6sarge1_i386.deb apache-ssl_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache-ssl_1.3.33-6sarge1_i386.deb apache-utils_1.3.33-6sarge1_all.deb to pool/main/a/apache/apache-utils_1.3.33-6sarge1_all.deb apache_1.3.33-6sarge1.diff.gz to pool/main/a/apache/apache_1.3.33-6sarge1.diff.gz apache_1.3.33-6sarge1.dsc to pool/main/a/apache/apache_1.3.33-6sarge1.dsc apache_1.3.33-6sarge1_i386.deb to pool/main/a/apache/apache_1.3.33-6sarge1_i386.deb libapache-mod-perl_1.29.0.3-6sarge1_i386.deb to pool/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_i386.deb