-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 13 Nov 2009 16:06:22 +0100
Source: apache2
Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork apache2-doc apache2-mpm-event apache2.2-common apache2-mpm-worker apache2-src apache2-threaded-dev apache2-mpm-perchild
Architecture: source all i386
Version: 2.2.3-4+etch11
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2 - Next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-event - Event driven model for Apache HTTPD 2.1
 apache2-mpm-perchild - Transitional package - please remove
 apache2-mpm-prefork - Traditional model for Apache HTTPD 2.1
 apache2-mpm-worker - High speed threaded model for Apache HTTPD 2.1
 apache2-prefork-dev - development headers for apache2
 apache2-src - Apache source code
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 apache2.2-common - Next generation, scalable, extendable web server
Changes:
 apache2 (2.2.3-4+etch11) oldstable-security; urgency=high
 .
   * Security:
     - Reject any client-initiated SSL/TLS renegotiations. This is a partial fix
       for the TLS renegotiation prefix injection attack (CVE-2009-3555).
       Any configuration which requires renegotiation for per-directory/location
       access control or uses "SSLVerifyClient optional" is still vulnerable.
     - Fix DoS by malicious ftp server (CVE-2009-3094)
     - Fix missing input sanitization: a user could execute arbitrary ftp
       commands on the backend ftp server (CVE-2009-3095)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFK/XrEbxelr8HyTqQRAi2fAJwKh8zzGKExzC1iNFEaqZooq4LzNgCgwLux
6qvR0Pmy6XOETsSfXwOhL0k=
=S325
-----END PGP SIGNATURE-----


Accepted:
apache2-doc_2.2.3-4+etch11_all.deb
  to main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb
apache2-mpm-event_2.2.3-4+etch11_i386.deb
  to main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb
apache2-mpm-perchild_2.2.3-4+etch11_all.deb
  to main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb
apache2-mpm-prefork_2.2.3-4+etch11_i386.deb
  to main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb
apache2-mpm-worker_2.2.3-4+etch11_i386.deb
  to main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb
apache2-prefork-dev_2.2.3-4+etch11_i386.deb
  to main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb
apache2-src_2.2.3-4+etch11_all.deb
  to main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb
apache2-threaded-dev_2.2.3-4+etch11_i386.deb
  to main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb
apache2-utils_2.2.3-4+etch11_i386.deb
  to main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb
apache2.2-common_2.2.3-4+etch11_i386.deb
  to main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb
apache2_2.2.3-4+etch11.diff.gz
  to main/a/apache2/apache2_2.2.3-4+etch11.diff.gz
apache2_2.2.3-4+etch11.dsc
  to main/a/apache2/apache2_2.2.3-4+etch11.dsc
apache2_2.2.3-4+etch11_all.deb
  to main/a/apache2/apache2_2.2.3-4+etch11_all.deb