-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 2 Sep 2005 22:26:28 +1000 Source: apache2 Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild Architecture: source all i386 Version: 2.0.54-5 Distribution: stable-security Urgency: high Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Adam Conrad <adconrad@0c3.net> Description: apache2 - next generation, scalable, extendable web server apache2-common - next generation, scalable, extendable web server apache2-doc - documentation for apache2 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2 apache2-mpm-prefork - traditional model for Apache2 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package) apache2-mpm-worker - high speed threaded model for Apache2 apache2-prefork-dev - development headers for apache2 apache2-threaded-dev - development headers for apache2 apache2-utils - utility programs for webservers libapr0 - the Apache Portable Runtime libapr0-dev - development headers for libapr Closes: 316173 320048 320063 326435 Changes: apache2 (2.0.54-5) stable-security; urgency=high . * Add 043_ssl_off_by_one_CAN-2005-1268, fixing an off-by-one error in SSL certificate validation; see CAN-2005-1268 (closes: #320048, #320063) * Add 044_content_length_CAN-2005-2088, resolving an issue in mod_proxy where, when a response contains both Transfer-Encoding and Content-Length headers, the connection can be used for HTTP request smuggling and HTTP request spoofing attacks; see CAN-2005-2088 (closes: #316173) * Add 045_byterange_CAN-2005-2728, to resolve a denial of service in apache when large byte ranges are requested; see CAN-2005-2728 (closes: #326435) * Add 046_verify_client_CAN-2005-2700, resolving an issue where the context of the SSLVerifyClient directive is not honoured within a <Location> nested in a <VirtualHost>, and is left unenforced; see CAN-2005-2700 Files: 779558a3a1edad615114d9e951d44352 1141 net optional apache2_2.0.54-5.dsc 37d0d0a3e25ad93d37f0483021e70409 7493636 net optional apache2_2.0.54.orig.tar.gz 3f51c615473cb57d4d182e1abbeffcd4 110044 net optional apache2_2.0.54-5.diff.gz df584a81cd27a1858014ac52cfdd9ab9 33460 net optional apache2-mpm-threadpool_2.0.54-5_all.deb 429e520dda920f145468b39f4b3f2c2c 3861324 doc optional apache2-doc_2.0.54-5_all.deb 143fb414c293aaa8d89e178306dca35a 799800 net optional apache2-common_2.0.54-5_i386.deb 3dc37ae17bb34d4068f5153bfd2ffd54 90962 net optional apache2-utils_2.0.54-5_i386.deb 824b90f8be18f53abef31e66aca2b0dd 206374 net optional apache2-mpm-worker_2.0.54-5_i386.deb 8cb83e70bbe05872ba5a9de9eacdadc2 206602 net optional apache2-mpm-perchild_2.0.54-5_i386.deb 670721077006223829903285d28b428d 202826 net optional apache2-mpm-prefork_2.0.54-5_i386.deb 46926e9e39dba00825c06b1bc6afa847 167626 devel optional apache2-prefork-dev_2.0.54-5_i386.deb a22f739befa46e30b9c9f5ad8e6b2bc7 168356 devel optional apache2-threaded-dev_2.0.54-5_i386.deb 0f1b46d69ed1665dbc7175fd777dc9eb 130614 net optional libapr0_2.0.54-5_i386.deb f877c48fae275c3e011dcdcddf6f4bdc 259890 libdevel optional libapr0-dev_2.0.54-5_i386.deb f2bb4abd8a56f74165641a1ffb98268d 33384 web optional apache2_2.0.54-5_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDHEw1vjztR8bOoMkRAg4fAKDf4oHHaNpvjHq1mEPMrm8X6Gy0UQCfZDHG 0c4krR6Vp3wy1W5MEZlYh9g= =NgrJ -----END PGP SIGNATURE----- Accepted: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/apache2/apache2_2.0.54-5.dsc apache2_2.0.54-5_i386.deb to pool/main/a/apache2/apache2_2.0.54-5_i386.deb libapr0-dev_2.0.54-5_i386.deb to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb libapr0_2.0.54-5_i386.deb to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb