-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 07 Mar 2010 23:22:56 +0100 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source all i386 Version: 2.2.15-1 Distribution: unstable Urgency: low Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Closes: 533661 571461 572232 Changes: apache2 (2.2.15-1) unstable; urgency=low . * New upstream version: - CVE-2010-0408: mod_proxy_ajp: Fixes denial of service vulnerability - CVE-2009-3555: mod_ssl: Improve the mitigation against SSL/TLS protocol prefix injection attack. - CVE-2010-0434: mod_headers: Fix potential information leak with threaded MPMs. - mod_reqtimeout: New module limiting the time waiting for receiving a request from the client. This is a (partial) mitigation against slowloris-type resource exhaustion attacks. The module is enabled by default. Closes: #533661 - mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure renegotiation with clients which do not yet support the secure renegotiation protocol. As this requires openssl 0.9.8m, bump build dependency accordingly. * Fix bash completion for a2ensite if the site name contains 'conf' or 'load'. Closes: #572232 * Do a configcheck in the init script before doing a non-graceful restart. Closes: #571461 Checksums-Sha1: ddf6169247b98092afd5b80db0d6e9b54cc69527 1796 apache2_2.2.15-1.dsc 1a751aab443ce76ede233b6d3351223e9c9516f2 6593633 apache2_2.2.15.orig.tar.gz 9284f39682f34bd639ea5c6f32691b5dc6777038 196290 apache2_2.2.15-1.diff.gz 3c43bae560c14a4888770d9efae396b2b51ebae9 2299506 apache2-doc_2.2.15-1_all.deb 219d269780ba0bc81519dcfceddbde6b543bf53e 302896 apache2.2-common_2.2.15-1_i386.deb 759042d8fc3d14e8a4117f8b0cbc00411bd419eb 1320202 apache2.2-bin_2.2.15-1_i386.deb 5fd60bf990e047459c26acecc5d7d9f10f6197c4 2272 apache2-mpm-worker_2.2.15-1_i386.deb fa882ec21c82cf5e85581346bb00db1e71221f95 2328 apache2-mpm-prefork_2.2.15-1_i386.deb ce5a934471544cf5294eeed445f3d08ebd2d33dc 2300 apache2-mpm-event_2.2.15-1_i386.deb c54115d1bda8c75349ae9bca2106115b1e368ea1 2334 apache2-mpm-itk_2.2.15-1_i386.deb 300028487c5d69065c7061a8d5f17c7acf553253 158556 apache2-utils_2.2.15-1_i386.deb f563cfa2ef32f89c18382c958712451f8f0163b7 95960 apache2-suexec_2.2.15-1_i386.deb 47b8f3a5560b1716820a07d4adb8da14c43bcc03 97546 apache2-suexec-custom_2.2.15-1_i386.deb 58909d736b689328e019a9c7b3dfe06a8768e088 1382 apache2_2.2.15-1_i386.deb 7698bb9de7cf3232d19a755268765d68123f8a01 137166 apache2-prefork-dev_2.2.15-1_i386.deb cf7e6bd7de9ea289f7993f4b8646378e604e0777 138316 apache2-threaded-dev_2.2.15-1_i386.deb 7419946f64fdf951069b9e661ad87dfb8acd9c9d 2683280 apache2-dbg_2.2.15-1_i386.deb Checksums-Sha256: 7dc9f68d31c6408e1d9ca3436beb610511e19cfacda21b451a4a3ba659f5840a 1796 apache2_2.2.15-1.dsc 4f879251e938e81fafedabc946831a501b71ddc33cb8a9ad4a994fce233f281b 6593633 apache2_2.2.15.orig.tar.gz 081de168512ab6a0634050e378c880029e828164b1a26f90db346ef26c265493 196290 apache2_2.2.15-1.diff.gz 7dc561357429fa7a7bae19b1efd49ea02112abcb4fc439ee468e0c9892c65d4a 2299506 apache2-doc_2.2.15-1_all.deb 00e0e75f1fec9ec3d4eaae2bd6190903ebc3d600cef40ad145fac4e2263b38dd 302896 apache2.2-common_2.2.15-1_i386.deb fa398e43af7c0ad23e93c8c6f35075c40332b70036754c229ff984fa89589087 1320202 apache2.2-bin_2.2.15-1_i386.deb 78721f1301aab92f23217a240b1201fa8c2342bccd1f3ffcb5eeaaad03f35a98 2272 apache2-mpm-worker_2.2.15-1_i386.deb 5561632891546e9e30f1ae142588dfb505bddf5a6efb0a3e0d201a3b205c40fa 2328 apache2-mpm-prefork_2.2.15-1_i386.deb 3b48a469b196532760fefe40952cb1679109d2d0a69ed1f7803b4e6838fb3ea4 2300 apache2-mpm-event_2.2.15-1_i386.deb 889f6910f459168ea62aac9408387ccbbffc31f78cee282157eacd61d70e7111 2334 apache2-mpm-itk_2.2.15-1_i386.deb 053c5119dad0f43c4cc8642c7bfd9c1d0e233fc824f1f9392cb17ed3d626e06d 158556 apache2-utils_2.2.15-1_i386.deb 1d761a6862f0b57544cf584aea8c603284970c13ddfba902abd6843688e901f1 95960 apache2-suexec_2.2.15-1_i386.deb a2940c17b9b530f69bdfc3ea567ffcf178b7ea8cd0e2beead0c11fa14adeab15 97546 apache2-suexec-custom_2.2.15-1_i386.deb ec81076f8b5ee42b1fc8b3eaee49fd17638d008aebf3392aa496f5c738967d1f 1382 apache2_2.2.15-1_i386.deb 20d1412aeb23b18d5e1eb827b4e37fc2327929db2a2179b0ff884f7bc60324a2 137166 apache2-prefork-dev_2.2.15-1_i386.deb 7867983a7ecbb752398ff629aa1abdf308d59632a0fc6beb7193651792b6db03 138316 apache2-threaded-dev_2.2.15-1_i386.deb f0c6a326fe331cd0bcd0c75243538a508ecf152632c94160f64fdace0876fd6b 2683280 apache2-dbg_2.2.15-1_i386.deb Files: 59304a8d6f5e76e5cbdf60be5ab5cdb2 1796 httpd optional apache2_2.2.15-1.dsc 31fa022dc3c0908c6eaafe73c81c65df 6593633 httpd optional apache2_2.2.15.orig.tar.gz 948f7496304408088c14c2f0d2e5e474 196290 httpd optional apache2_2.2.15-1.diff.gz cf591ac5cfa0553e7eb04ed91ca31704 2299506 doc optional apache2-doc_2.2.15-1_all.deb b150352d5615301be9b93131538c90ae 302896 httpd optional apache2.2-common_2.2.15-1_i386.deb af1b901a5ca4b5263abf441a3ea99ec5 1320202 httpd optional apache2.2-bin_2.2.15-1_i386.deb 04c3592c3eacf928e06e66b599827d45 2272 httpd optional apache2-mpm-worker_2.2.15-1_i386.deb 8d56e5efc9894ae5b78b12b41643bb95 2328 httpd optional apache2-mpm-prefork_2.2.15-1_i386.deb 1d72d6c56491f4f0af33ca327d9deb28 2300 httpd optional apache2-mpm-event_2.2.15-1_i386.deb 0f6eb269907db8e6fa99216097ca7593 2334 httpd extra apache2-mpm-itk_2.2.15-1_i386.deb 96aafa5312873daf6fc43dcced45542c 158556 httpd optional apache2-utils_2.2.15-1_i386.deb 4a15c0eb4b8825417cc0d538f186b475 95960 httpd optional apache2-suexec_2.2.15-1_i386.deb 740d8a58ed38c79aade44404e0c4d01d 97546 httpd extra apache2-suexec-custom_2.2.15-1_i386.deb 9918e30a794b2a3f0ad37e830f24c6c8 1382 httpd optional apache2_2.2.15-1_i386.deb 4b8d068b9e4f1e5bcb8092e8caad49eb 137166 httpd extra apache2-prefork-dev_2.2.15-1_i386.deb 41a9968ceef4a3d1d839b8d7d674a024 138316 httpd extra apache2-threaded-dev_2.2.15-1_i386.deb 35aa3db7a8e60d980cdd9389089d0e07 2683280 debug extra apache2-dbg_2.2.15-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFLlCnhbxelr8HyTqQRAij7AKC7HtgT1AUZ3w1NaRf0iCrMisc2oACgpMVu D9nPmF/skLVUP+x5d5Mp9vw= =xAAZ -----END PGP SIGNATURE----- Accepted: apache2-dbg_2.2.15-1_i386.deb to main/a/apache2/apache2-dbg_2.2.15-1_i386.deb apache2-doc_2.2.15-1_all.deb to main/a/apache2/apache2-doc_2.2.15-1_all.deb apache2-mpm-event_2.2.15-1_i386.deb to main/a/apache2/apache2-mpm-event_2.2.15-1_i386.deb apache2-mpm-itk_2.2.15-1_i386.deb to main/a/apache2/apache2-mpm-itk_2.2.15-1_i386.deb apache2-mpm-prefork_2.2.15-1_i386.deb to main/a/apache2/apache2-mpm-prefork_2.2.15-1_i386.deb apache2-mpm-worker_2.2.15-1_i386.deb to main/a/apache2/apache2-mpm-worker_2.2.15-1_i386.deb apache2-prefork-dev_2.2.15-1_i386.deb to main/a/apache2/apache2-prefork-dev_2.2.15-1_i386.deb apache2-suexec-custom_2.2.15-1_i386.deb to main/a/apache2/apache2-suexec-custom_2.2.15-1_i386.deb apache2-suexec_2.2.15-1_i386.deb to main/a/apache2/apache2-suexec_2.2.15-1_i386.deb apache2-threaded-dev_2.2.15-1_i386.deb to main/a/apache2/apache2-threaded-dev_2.2.15-1_i386.deb apache2-utils_2.2.15-1_i386.deb to main/a/apache2/apache2-utils_2.2.15-1_i386.deb apache2.2-bin_2.2.15-1_i386.deb to main/a/apache2/apache2.2-bin_2.2.15-1_i386.deb apache2.2-common_2.2.15-1_i386.deb to main/a/apache2/apache2.2-common_2.2.15-1_i386.deb apache2_2.2.15-1.diff.gz to main/a/apache2/apache2_2.2.15-1.diff.gz apache2_2.2.15-1.dsc to main/a/apache2/apache2_2.2.15-1.dsc apache2_2.2.15-1_i386.deb to main/a/apache2/apache2_2.2.15-1_i386.deb apache2_2.2.15.orig.tar.gz to main/a/apache2/apache2_2.2.15.orig.tar.gz
