-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 01 Apr 2012 00:20:48 +0200
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source all i386
Version: 2.2.16-6+squeeze7
Distribution: squeeze-security
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2 - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Changes:
 apache2 (2.2.16-6+squeeze7) squeeze-security; urgency=high
 .
   * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default
     virtual hosts' config files.
     If scripting modules like mod_php or mod_rivet are enabled on systems
     where either 1) some frontend server forwards connections to an apache2
     backend server on the localhost address, or 2) the machine running
     apache2 is also used for web browsing, this could allow a remote
     attacker to execute example scripts stored under /usr/share/doc.
Depending on the installed packages, this could lead to issues like cross site scripting, code execution, or leakage of sensitive data. Checksums-Sha1: ba3ddf8dc7e238d3ec3a7ac2f41a2533f2ba4260 1832 apache2_2.2.16-6+squeeze7.dsc f8e30da470059cfebb0c4a20e504930c0c1be4ce 220810 apache2_2.2.16-6+squeeze7.diff.gz 88a2e4f547ef872729245d76e56272e617fe2c6e 2304888 apache2-doc_2.2.16-6+squeeze7_all.deb e93e7d9b3f6ae67426d8a73694554a838ae3c410 308446 apache2.2-common_2.2.16-6+squeeze7_i386.deb 91aee355d76242736e9fa734852bc301a5730db5 1352744 apache2.2-bin_2.2.16-6+squeeze7_i386.deb 875d56733066179970615d6ad1e70a9f5fe35d3c 2224 apache2-mpm-worker_2.2.16-6+squeeze7_i386.deb 1319b3498c9094a8c600ff917e6699036664c996 2282 apache2-mpm-prefork_2.2.16-6+squeeze7_i386.deb 5e07f69569213b3c941fd163035fbd6d110f5e57 2260 apache2-mpm-event_2.2.16-6+squeeze7_i386.deb 0c501d68405491f7c8689b4e3eb3722e4a97cc9d 2286 apache2-mpm-itk_2.2.16-6+squeeze7_i386.deb aa38649693f11af804d1e9c422c109a8c2da5494 165316 apache2-utils_2.2.16-6+squeeze7_i386.deb 41de950e2e7b98601857056c41b0a2d02ba563b9 99826 apache2-suexec_2.2.16-6+squeeze7_i386.deb 7edc892ed3e7e24ad2ada342b076acc01baa095a 101378 apache2-suexec-custom_2.2.16-6+squeeze7_i386.deb 1fdb369443901c936278fcbab3455d5afe7cdd62 1384 apache2_2.2.16-6+squeeze7_i386.deb a1e6e59767876959d2951997d9f8073d0ec08675 137244 apache2-prefork-dev_2.2.16-6+squeeze7_i386.deb 0d1c9cc0d4a3de2aef65c3f63ecda68db9d973ad 138374 apache2-threaded-dev_2.2.16-6+squeeze7_i386.deb 8884e9da38e82dac9f2aa88fef29199746219892 2681142 apache2-dbg_2.2.16-6+squeeze7_i386.deb Checksums-Sha256: f336d36a9590bbb3bf9a2bed6d9406c7aa49cdad6b573b0325c5624ad790f350 1832 apache2_2.2.16-6+squeeze7.dsc e99dee01ce7af4fb2a01c250a81076ebc83b6932edbbcae807fbd8dd4c964cdc 220810 apache2_2.2.16-6+squeeze7.diff.gz 218db548ef4cfa5835162938021972353adb5b56a9988e8e741803212df082ad 2304888 apache2-doc_2.2.16-6+squeeze7_all.deb cd6e48e36aa1086c2c9f31ffbda66a90e362ca166c4d5afa77721f99ef2e4547 308446 
apache2.2-common_2.2.16-6+squeeze7_i386.deb 7609a3f473b054f75edae95f56e73adcd7cbb640458d03b109cb7243c2c9a791 1352744 apache2.2-bin_2.2.16-6+squeeze7_i386.deb e6d8bb6ecbb2ec4a046ac10ab598cbdfcb58abe1ca460354b40dd9984865f676 2224 apache2-mpm-worker_2.2.16-6+squeeze7_i386.deb f924c02505eb7adf7f7466119f2133ef71d349619511c97853e1d247a7f89dd4 2282 apache2-mpm-prefork_2.2.16-6+squeeze7_i386.deb 6374207f6c70f4fd9ac2310d3e9a0b4dfbfaa13f2f6513ec549c581d62d07c10 2260 apache2-mpm-event_2.2.16-6+squeeze7_i386.deb 778aaba69da5cdc285aa5222dffd67c6ca1cd600bbe7ade0c63bd2f6153da7b9 2286 apache2-mpm-itk_2.2.16-6+squeeze7_i386.deb 9dc84c22e77f2366c10876aab19b9a2d07fd12fd4a7504ba6c8dbf652e632976 165316 apache2-utils_2.2.16-6+squeeze7_i386.deb 9bd1bdbcedff896de2fed83ba71931d69da565e952b5a687d4b218cd225e8cda 99826 apache2-suexec_2.2.16-6+squeeze7_i386.deb ddbe7c0166d95d22f3db4efc8d3058f2aa86315dff2ac151f27a6ebcc90789d2 101378 apache2-suexec-custom_2.2.16-6+squeeze7_i386.deb 8f0072b0e9172e13bc08129afbbafc69b61a905e10cb6d1f23b3c27159c422a4 1384 apache2_2.2.16-6+squeeze7_i386.deb e335e031ec0dee37cc2f94b5871113e1e9c601d6815a415aa67ccd9c324f3d60 137244 apache2-prefork-dev_2.2.16-6+squeeze7_i386.deb dc22ad14c055fd451d937980dd2ad1e28ff33e3d1bc8e46768a5a8d753d0ce0a 138374 apache2-threaded-dev_2.2.16-6+squeeze7_i386.deb 56978ae3ae2369c32536fd35bdef1557a7b953cb02847ec51c719e51b1f14dde 2681142 apache2-dbg_2.2.16-6+squeeze7_i386.deb Files: 994a296a77849927f83051e59afc42b7 1832 httpd optional apache2_2.2.16-6+squeeze7.dsc f1d8cb5729da76ae978a602a4bda980d 220810 httpd optional apache2_2.2.16-6+squeeze7.diff.gz 156ed750c265fa7975100faa17a6d063 2304888 doc optional apache2-doc_2.2.16-6+squeeze7_all.deb aedd55a66c76555f2b30f628ab4eb676 308446 httpd optional apache2.2-common_2.2.16-6+squeeze7_i386.deb 043c49c31ba00bfa180f45c331f02550 1352744 httpd optional apache2.2-bin_2.2.16-6+squeeze7_i386.deb 71074cebf51bfb0e1273cc3557932f5f 2224 httpd optional apache2-mpm-worker_2.2.16-6+squeeze7_i386.deb 
68b5312271d4548a5909ce61b05c7b5d 2282 httpd optional apache2-mpm-prefork_2.2.16-6+squeeze7_i386.deb 3812259f8b0866bd4203d321288cc955 2260 httpd optional apache2-mpm-event_2.2.16-6+squeeze7_i386.deb e298cc991f5dadc4bf94ae4a7294f6e8 2286 httpd extra apache2-mpm-itk_2.2.16-6+squeeze7_i386.deb 0a7299fd3a4fadb27b1d6ac832b0bdf3 165316 httpd optional apache2-utils_2.2.16-6+squeeze7_i386.deb 9b1856dfd1cbc8a393ac1854219d23f0 99826 httpd optional apache2-suexec_2.2.16-6+squeeze7_i386.deb be12d7ce59160dbb429e0962785f2dd6 101378 httpd extra apache2-suexec-custom_2.2.16-6+squeeze7_i386.deb c9a8460568ab486cbf949f178cf1ecb2 1384 httpd optional apache2_2.2.16-6+squeeze7_i386.deb 4d33b3fbf2c09086b0dacf3f7b930e21 137244 httpd extra apache2-prefork-dev_2.2.16-6+squeeze7_i386.deb 583e202db142d682ed6eda1e096c3684 138374 httpd extra apache2-threaded-dev_2.2.16-6+squeeze7_i386.deb 29aa42928ba5855a9d095a66c02d0eb9 2681142 debug extra apache2-dbg_2.2.16-6+squeeze7_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFPd/osbxelr8HyTqQRAuUWAKCdsmiTWFrzsNwnJhno7mp1Pid8WgCeKYKW yB0gIhB4JirB1roXIHccUJY= =g++z -----END PGP SIGNATURE----- Accepted: apache2-dbg_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2-dbg_2.2.16-6+squeeze7_i386.deb apache2-doc_2.2.16-6+squeeze7_all.deb to main/a/apache2/apache2-doc_2.2.16-6+squeeze7_all.deb apache2-mpm-event_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2-mpm-event_2.2.16-6+squeeze7_i386.deb apache2-mpm-itk_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2-mpm-itk_2.2.16-6+squeeze7_i386.deb apache2-mpm-prefork_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2-mpm-prefork_2.2.16-6+squeeze7_i386.deb apache2-mpm-worker_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2-mpm-worker_2.2.16-6+squeeze7_i386.deb apache2-prefork-dev_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2-prefork-dev_2.2.16-6+squeeze7_i386.deb apache2-suexec-custom_2.2.16-6+squeeze7_i386.deb to 
main/a/apache2/apache2-suexec-custom_2.2.16-6+squeeze7_i386.deb apache2-suexec_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2-suexec_2.2.16-6+squeeze7_i386.deb apache2-threaded-dev_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2-threaded-dev_2.2.16-6+squeeze7_i386.deb apache2-utils_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2-utils_2.2.16-6+squeeze7_i386.deb apache2.2-bin_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2.2-bin_2.2.16-6+squeeze7_i386.deb apache2.2-common_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2.2-common_2.2.16-6+squeeze7_i386.deb apache2_2.2.16-6+squeeze7.diff.gz to main/a/apache2/apache2_2.2.16-6+squeeze7.diff.gz apache2_2.2.16-6+squeeze7.dsc to main/a/apache2/apache2_2.2.16-6+squeeze7.dsc apache2_2.2.16-6+squeeze7_i386.deb to main/a/apache2/apache2_2.2.16-6+squeeze7_i386.deb