-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 14 Nov 2009 21:10:47 +0100 Source: apache2 Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg Architecture: source i386 all Version: 2.2.9-10+lenny6 Distribution: stable-security Urgency: high Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-src - Apache source code apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-common - Apache HTTP Server common files Changes: apache2 (2.2.9-10+lenny6) stable-security; urgency=high . * Security: - Reject any client-initiated SSL/TLS renegotiations. This is a partial fix for the TLS renegotiation prefix injection attack (CVE-2009-3555). Any configuration which requires renegotiation for per-directory/location access control or uses "SSLVerifyClient optional" is still vulnerable. Checksums-Sha1: 6efc00541a5a9a42e1b97b581e053f5d459b7828 1673 apache2_2.2.9-10+lenny6.dsc bb85a80f017b381a1d1ae8fab5cbfb82f2e7b97c 145719 apache2_2.2.9-10+lenny6.diff.gz d4a4a11f64cddd4f5991faf1b03f0e323cf95c95 783440 apache2.2-common_2.2.9-10+lenny6_i386.deb b52fd8c896b17175e3fb6125fa0d8f20f3e4ddda 240776 apache2-mpm-worker_2.2.9-10+lenny6_i386.deb cf25d18af5ccfee6f343c16607642de6371dd686 237396 apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb fa205835dd256542025e25cbd1b937fc7b2ba6e2 241326 apache2-mpm-event_2.2.9-10+lenny6_i386.deb 89e9a54f8f3565a08b650be76e0396776db8e1d2 143414 apache2-utils_2.2.9-10+lenny6_i386.deb 05ff59be0ff4b2465f6e656ecd6f03282177b37e 82366 apache2-suexec_2.2.9-10+lenny6_i386.deb 419c79dd59980cd789139bcd78e386bc7fbaf9d4 84104 apache2-suexec-custom_2.2.9-10+lenny6_i386.deb 04f58a305e6832707b277488ceb30b3e5492c377 211420 apache2-prefork-dev_2.2.9-10+lenny6_i386.deb 2aef6221f7f13197dd4b5d1b3208c51813d561c6 212726 apache2-threaded-dev_2.2.9-10+lenny6_i386.deb 2d835fa15b07a3bd80e31f5a865cd7f10bc51536 2324892 apache2-dbg_2.2.9-10+lenny6_i386.deb 18a18aefa8e1dbee4f49878f95b7eba563e5d579 45238 apache2_2.2.9-10+lenny6_all.deb 4a02389a9b716b0c7e0481726fad6360cc72f2f3 2060318 apache2-doc_2.2.9-10+lenny6_all.deb 60a301a4a5673f38560e906a4b18a047e6ea425b 6736558 apache2-src_2.2.9-10+lenny6_all.deb Checksums-Sha256: 58a6e907183d55e3e818a0dd5ec521f297326cc6ff2f254c31c19554e253001c 1673 apache2_2.2.9-10+lenny6.dsc d2677b1c3ba4e977247fc0d98b10136841e796a9a823d37523429639c3bf1500 145719 apache2_2.2.9-10+lenny6.diff.gz 1648df427aeb561f660aab6faa2f43db0df3386edd3177860ebc155176673671 783440 apache2.2-common_2.2.9-10+lenny6_i386.deb 65d9e224e8382716f416f5a40ca65af81e13dd5208e62abcbb0cd50c2553faad 240776 apache2-mpm-worker_2.2.9-10+lenny6_i386.deb f598a92d456c8bfbd922267b547a2af1f2d8601b8b6035d702d68bf271499c20 237396 apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb 667d1dee10eb4558cd63b8b0f52931297f7de1032fee69bd2173a0e99ed2001c 241326 apache2-mpm-event_2.2.9-10+lenny6_i386.deb f4b95bd60e1e6d69a722c32f6c696cccca7bd8bd41b4be9bed93c6afb151a99f 143414 apache2-utils_2.2.9-10+lenny6_i386.deb 8669a409a8dd3f3246ce8341b1b5cef22e527615088c3423cb8c66560fcbf5bd 82366 apache2-suexec_2.2.9-10+lenny6_i386.deb 351448ed763f72b700abcf072f2005a5390f518ad249f447eacaeb6b53b5650a 84104 apache2-suexec-custom_2.2.9-10+lenny6_i386.deb 3d1eab257569af8e1dd4ca299a876e57245543aeeec1347d5e38d1f55f2ca016 211420 apache2-prefork-dev_2.2.9-10+lenny6_i386.deb d853fb4424eb11b0dbe6cf9a1730748dc118d4002ddc64ea7b7df7ada26ce250 212726 apache2-threaded-dev_2.2.9-10+lenny6_i386.deb f8583fb7c8bb0adfca6aab36b353bc51f410a35fde434e12479d1a8d78b37aa0 2324892 apache2-dbg_2.2.9-10+lenny6_i386.deb 11290b8ca5348c97f4ca90a600a92a042f5390f04e384262c3c69441c2fe1c5f 45238 apache2_2.2.9-10+lenny6_all.deb 3dd403a8731dae1616932925858bbcad49c9b4169def8622ece092814736690d 2060318 apache2-doc_2.2.9-10+lenny6_all.deb 7eea943f04da4c9837febebaf73800469f730adefe0ac584c91d48f4babeef0c 6736558 apache2-src_2.2.9-10+lenny6_all.deb Files: f6846ac2d9cbd7887629a9c503154310 1673 web optional apache2_2.2.9-10+lenny6.dsc fd456ef168b7f1ca1055ffbca1df53db 145719 web optional apache2_2.2.9-10+lenny6.diff.gz 053ba7ef4fbb56547200c32c35ac8a0e 783440 web optional apache2.2-common_2.2.9-10+lenny6_i386.deb 43a654cf0439fc97997a57baec5e2995 240776 web optional apache2-mpm-worker_2.2.9-10+lenny6_i386.deb 06841f14531fab0adb92177af849c8be 237396 web optional apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb 2ee9101bf92fcac69249094b3ca11e2a 241326 web optional apache2-mpm-event_2.2.9-10+lenny6_i386.deb c20c10a3eadac1c494a5750888875800 143414 web optional apache2-utils_2.2.9-10+lenny6_i386.deb ab10d1ab26c914777c5296fe9ccfe027 82366 web optional apache2-suexec_2.2.9-10+lenny6_i386.deb f73a1bff0a8a4426e63803c4e5c67c60 84104 web extra apache2-suexec-custom_2.2.9-10+lenny6_i386.deb 69c67bd0052c70322924b901ba5f5428 211420 devel extra apache2-prefork-dev_2.2.9-10+lenny6_i386.deb 11b86a68880fa98a130e449dec0fbbcc 212726 devel extra apache2-threaded-dev_2.2.9-10+lenny6_i386.deb 87c51cc1fb8ae2532adcfa601a7b5af4 2324892 libdevel extra apache2-dbg_2.2.9-10+lenny6_i386.deb 922ce7e9d14885bab9c9cbbfab99fbd3 45238 web optional apache2_2.2.9-10+lenny6_all.deb c2499fa1040a9ace89c1a969de4db870 2060318 doc optional apache2-doc_2.2.9-10+lenny6_all.deb e09131a305cf2e51d3c14ed7c1beaf5d 6736558 devel extra apache2-src_2.2.9-10+lenny6_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFK/xfGbxelr8HyTqQRAquLAJ9kyNu15U+SD91fW24c7aKAG2etiACfVlgu lJ/4vd85SmtfKHFdJDo1778= =fSy0 -----END PGP SIGNATURE----- Accepted: apache2-dbg_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb apache2-doc_2.2.9-10+lenny6_all.deb to main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb apache2-mpm-event_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb apache2-mpm-worker_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb apache2-prefork-dev_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb apache2-src_2.2.9-10+lenny6_all.deb to main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb apache2-suexec-custom_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb apache2-suexec_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb apache2-threaded-dev_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb apache2-utils_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb apache2.2-common_2.2.9-10+lenny6_i386.deb to main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb apache2_2.2.9-10+lenny6.diff.gz to main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz apache2_2.2.9-10+lenny6.dsc to main/a/apache2/apache2_2.2.9-10+lenny6.dsc apache2_2.2.9-10+lenny6_all.deb to main/a/apache2/apache2_2.2.9-10+lenny6_all.deb