-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 05 Feb 2012 21:56:02 +0100 Source: apache2 Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg Architecture: source i386 all Version: 2.2.9-10+lenny12 Distribution: lenny-security Urgency: high Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-src - Apache source code apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-common - Apache HTTP Server common files Changes: apache2 (2.2.9-10+lenny12) lenny-security; urgency=high . * Prevent unintended pattern expansion in some reverse proxy configurations by strictly validating the request-URI. Fixes CVE-2011-3368, CVE-2011-3639, CVE-2011-4317. * CVE-2011-3607: Fix integer overflow in ap_pregsub(), which allowed local privilege escalation. * CVE-2012-0031: Fix client process being able to crash parent process during shutdown. * CVE-2012-0053: Fix an issue in code 400 error responses that could expose "httpOnly" cookies. Checksums-Sha1: 9b658372501cb769eea11e3a26bbb0d0887d4896 1701 apache2_2.2.9-10+lenny12.dsc 5ffa9479759d9a9f3a688d9716f542f0c327fc2f 161094 apache2_2.2.9-10+lenny12.diff.gz 77f4a7acd96d9e2239936554beaedc3cf47c889b 784086 apache2.2-common_2.2.9-10+lenny12_i386.deb b3a6e5db360c948ef4e41c4cf3c8de476641acfe 243810 apache2-mpm-worker_2.2.9-10+lenny12_i386.deb 077a86abfb9444edb132edbb80d4ad1237156c32 240562 apache2-mpm-prefork_2.2.9-10+lenny12_i386.deb 3fbda67231ab3410101d8d05ec791270673751cd 244282 apache2-mpm-event_2.2.9-10+lenny12_i386.deb 890d81c78e662c1ded74335edfc5a55aa1420110 144882 apache2-utils_2.2.9-10+lenny12_i386.deb fe3f8fe218eb5778bf716d6876d16ebf27955fe5 83634 apache2-suexec_2.2.9-10+lenny12_i386.deb 2dd6cdd91748eb3a5ae9fd58eff798857e87b31f 85236 apache2-suexec-custom_2.2.9-10+lenny12_i386.deb bed9b28c36e140b4cde5cfc18377a18cf5b0dce0 212482 apache2-prefork-dev_2.2.9-10+lenny12_i386.deb a9df6dde4a83bfaa35e059fe70ae8ad79590d16b 213608 apache2-threaded-dev_2.2.9-10+lenny12_i386.deb a0f462b098d102d7d3957da9f293c7a1b8522bcc 2324648 apache2-dbg_2.2.9-10+lenny12_i386.deb 89bd0b2a2f78f116398bc4a3452b05d1e85cf875 46202 apache2_2.2.9-10+lenny12_all.deb 91b1593c23fe4ca8fd4e9fe347abb7a5517fcea1 2062106 apache2-doc_2.2.9-10+lenny12_all.deb 3c563eb3c54d5a941ba493058c747b291dc56112 6738132 apache2-src_2.2.9-10+lenny12_all.deb Checksums-Sha256: 0414eca4a7aaa05d272473045e24d98eb87427ca6dd8c0648dfc8867876e21e2 1701 apache2_2.2.9-10+lenny12.dsc 67b5d1add22e1f74704888d4852079dd681de348004695d42801b7aeee1887cd 161094 apache2_2.2.9-10+lenny12.diff.gz 698b6883820fcd4bb09c667bcb29ef9c291fb0a9e6d25dae8eb39b2406ca1104 784086 apache2.2-common_2.2.9-10+lenny12_i386.deb 4acd635b1a5571e93a0bb8439389aee0ddd4f68adc1fc1912ac123f44eba0f59 243810 apache2-mpm-worker_2.2.9-10+lenny12_i386.deb e9f2cae38bbe18d1aba9257b0bcc8be7fbdfa2a870916c8d678a131246e9cedd 240562 apache2-mpm-prefork_2.2.9-10+lenny12_i386.deb e301981e547f99fc98e8b66d8ac0c70bf6c8602693c67baec6bb320c25642b02 244282 apache2-mpm-event_2.2.9-10+lenny12_i386.deb bda0654da1b6a0b409605e26f513cb8119697d6bbcac2652f72dc49e98640858 144882 apache2-utils_2.2.9-10+lenny12_i386.deb c72aad5260c5f9695f8fb8b91d8f97ec39cfc9291956b368b0821d89c6ac9e59 83634 apache2-suexec_2.2.9-10+lenny12_i386.deb 417ba6b8de66025160d9bd3bb658831ea2e28db82ca3c3ef81fff13c8decc33a 85236 apache2-suexec-custom_2.2.9-10+lenny12_i386.deb 092fead593cba7e01674a37d9031723557a6c60637a0cae1246a21451083b34a 212482 apache2-prefork-dev_2.2.9-10+lenny12_i386.deb 941888be135c53d46bb4d628fd43459c02ef810ab1076225b69c73500c0f7d83 213608 apache2-threaded-dev_2.2.9-10+lenny12_i386.deb 2a6d4cb9a23e7c5e84c38f03b0798743e54f425723d9aaf487b805450339e87e 2324648 apache2-dbg_2.2.9-10+lenny12_i386.deb 15f79bdec88f137b468ec134a8bc787543838ee436826da31d7be8774927daab 46202 apache2_2.2.9-10+lenny12_all.deb b73989365035523b5a1da42aaae437f2d6cd20f405a9b4ffcb41fd49523a0aab 2062106 apache2-doc_2.2.9-10+lenny12_all.deb 076e09002897ef18a7ed5fc4524acb32ad819961b2773ad296b9a1b12bd3e403 6738132 apache2-src_2.2.9-10+lenny12_all.deb Files: 9098f5b90acba84b3c7440ebe96fd75c 1701 web optional apache2_2.2.9-10+lenny12.dsc 35cee550a06abd1018a4a927a2901187 161094 web optional apache2_2.2.9-10+lenny12.diff.gz 87050983587cd13554ea557adbc83acd 784086 web optional apache2.2-common_2.2.9-10+lenny12_i386.deb 473cf2433b10b686d17c585ede8570fb 243810 web optional apache2-mpm-worker_2.2.9-10+lenny12_i386.deb 07f3d8c91ab957df064b9aeff033b3ec 240562 web optional apache2-mpm-prefork_2.2.9-10+lenny12_i386.deb b820645cebae92fac622f13a077fc80c 244282 web optional apache2-mpm-event_2.2.9-10+lenny12_i386.deb 1f13c40e6408d1a0bbc5bd58e701a228 144882 web optional apache2-utils_2.2.9-10+lenny12_i386.deb 463672ac555e9901c2296b10a465bba3 83634 web optional apache2-suexec_2.2.9-10+lenny12_i386.deb e7fcba318bff4f1c970bc6731cf1ae64 85236 web extra apache2-suexec-custom_2.2.9-10+lenny12_i386.deb 256276b941e3dee4bc64153ae1dc69fe 212482 devel extra apache2-prefork-dev_2.2.9-10+lenny12_i386.deb 6802901ad54ce5a3f0d68ab4fb7ea44f 213608 devel extra apache2-threaded-dev_2.2.9-10+lenny12_i386.deb fcab3c6914d157b62b163abab0b71075 2324648 libdevel extra apache2-dbg_2.2.9-10+lenny12_i386.deb c2d91806caba450196d60e8789bf1a77 46202 web optional apache2_2.2.9-10+lenny12_all.deb 27499bd55e99ad847998fa527ba97ec8 2062106 doc optional apache2-doc_2.2.9-10+lenny12_all.deb de5ace1914f69bbb6549edf3a4e604f6 6738132 devel extra apache2-src_2.2.9-10+lenny12_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPLvHobxelr8HyTqQRAtv0AKDVZwrYiy6tgsWwChTdyKZjF+VeZwCg2XHN tku5DLybt7ocfNGB709GAvE= =vCwP -----END PGP SIGNATURE----- Accepted: apache2-dbg_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2-dbg_2.2.9-10+lenny12_i386.deb apache2-doc_2.2.9-10+lenny12_all.deb to main/a/apache2/apache2-doc_2.2.9-10+lenny12_all.deb apache2-mpm-event_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2-mpm-event_2.2.9-10+lenny12_i386.deb apache2-mpm-prefork_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny12_i386.deb apache2-mpm-worker_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny12_i386.deb apache2-prefork-dev_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny12_i386.deb apache2-src_2.2.9-10+lenny12_all.deb to main/a/apache2/apache2-src_2.2.9-10+lenny12_all.deb apache2-suexec-custom_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny12_i386.deb apache2-suexec_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2-suexec_2.2.9-10+lenny12_i386.deb apache2-threaded-dev_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny12_i386.deb apache2-utils_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2-utils_2.2.9-10+lenny12_i386.deb apache2.2-common_2.2.9-10+lenny12_i386.deb to main/a/apache2/apache2.2-common_2.2.9-10+lenny12_i386.deb apache2_2.2.9-10+lenny12.diff.gz to main/a/apache2/apache2_2.2.9-10+lenny12.diff.gz apache2_2.2.9-10+lenny12.dsc to main/a/apache2/apache2_2.2.9-10+lenny12.dsc apache2_2.2.9-10+lenny12_all.deb to main/a/apache2/apache2_2.2.9-10+lenny12_all.deb