-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 29 Mar 2014 22:50:32 +0100 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: source i386 all Version: 2.4.9-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (binary files and modules) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-mpm-event - transitional event MPM package for apache2 apache2-mpm-itk - transitional itk MPM package for apache2 apache2-mpm-prefork - transitional prefork MPM package for apache2 apache2-mpm-worker - transitional worker MPM package for apache2 apache2-suexec - transitional package for apache2-suexec-pristine apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) apache2.2-bin - Transitional package for apache2-bin libapache2-mod-macro - Transitional package for apache2-bin libapache2-mod-proxy-html - Transitional package for apache2-bin Closes: 738315 Changes: apache2 (2.4.9-1) unstable; urgency=medium . * New upstream version. Security fixes: - CVE-2013-6438: mod_dav: Fix DoS from crafted DAV WRITE requests. - CVE-2014-0098: mod_log_config: Fix segfaults when logging truncated cookies. Notable new features: - Support named groups and backreferences within the LocationMatch, DirectoryMatch, FilesMatch and ProxyMatch directives. - mod_proxy: Added support for unix domain sockets as the backend server endpoint. - mod_ssl: Add support for OpenSSL configuration commands by introducing the SSLOpenSSLConfCmd directive. - mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm, mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the require directives. - mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore, and IgnoreInherit. - Bugfix in the build system to avoid problems with patched config.m4 files as in LP #1251939. * Make default cipher list in ssl.conf more secure: - Remove 'MEDIUM'. This disables RC4 and SEED. Also remove '!MD5' because 'HIGH' does not include MD5. - Remove the 'Speed-optimized SSL Cipher' configuration example because it depends on RC4, which is considered insecure. * Change init script short description to describe the service, not the script. Closes: #738315 * Bump Standards-Version (no changes). Checksums-Sha1: cfcfa90f2b7e94eb681935e1352df9eb14c1a7c7 3023 apache2_2.4.9-1.dsc 646aedbf59519e914c424b3a85d846bf189be3f4 4994460 apache2_2.4.9.orig.tar.bz2 cedce8a1c43199257b9bfac918faf8252fc1300a 436268 apache2_2.4.9-1.debian.tar.xz 2caa1087f66f0c9e7e26e3c23500df35f02f1e11 1504 libapache2-mod-proxy-html_2.4.9-1_i386.deb d213563a4bcf03b27ba788486a3d6993b1b1a149 1490 libapache2-mod-macro_2.4.9-1_i386.deb 2a1c65e66493d232771be6e8d568cf0391e2e6be 196072 apache2_2.4.9-1_i386.deb 05da2ecc38785e2b43d6ed523b9e7f077119b8cf 162564 apache2-data_2.4.9-1_all.deb cd3d53c1d6c75901799b852716b02455a943f6e3 961932 apache2-bin_2.4.9-1_i386.deb 4fd88ea9aabc26d268dc7406c9c52ee7bdee7210 1508 apache2-mpm-worker_2.4.9-1_i386.deb be8b30d4af2f15312457594849d190cd79f84aff 1506 apache2-mpm-prefork_2.4.9-1_i386.deb fc7d0932599f8daf45075e4af8792b29ed7ffaf9 1510 apache2-mpm-event_2.4.9-1_i386.deb 91058e459c002ccc2f6a93691babc4c6f6eece62 1506 apache2-mpm-itk_2.4.9-1_i386.deb 1b6bcc81e948622d4216aa7bdf4016794b1ed14e 1518 apache2.2-bin_2.4.9-1_i386.deb acabec0814c4f52d59dc4d3aae256b678418772c 187838 apache2-utils_2.4.9-1_i386.deb 174f8408a8ff1adc4abf0ced9766abd6ac68681a 1480 apache2-suexec_2.4.9-1_i386.deb 678376465c11d3bc01662abb07c9d9393e6deb59 121908 apache2-suexec-pristine_2.4.9-1_i386.deb 891ee143e443d20f9fa5c881a90d3724649757b2 123412 apache2-suexec-custom_2.4.9-1_i386.deb 036ddbaf6f62ddf21ca828f0353040d4b5d9503d 2712532 apache2-doc_2.4.9-1_all.deb c471559669e05b63f8b27b060a456cf750392235 272424 apache2-dev_2.4.9-1_i386.deb 41d4a97283e9a91bb38e764f03f6befb3b7d112c 1932552 apache2-dbg_2.4.9-1_i386.deb Checksums-Sha256: cc06cbf778e4bec58d961f1cc3b238cb06a14e4f757daeed21bd8ab8b7b292dc 3023 apache2_2.4.9-1.dsc f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603 4994460 apache2_2.4.9.orig.tar.bz2 21ac07b2c0a1ea56881ca95c48307dbc12dfe44453aef1bad03a4321055586a6 436268 apache2_2.4.9-1.debian.tar.xz 503ed4927351c8c227c0178cc4a7fb46a892d2fece969eaefdd164a5220a0928 1504 libapache2-mod-proxy-html_2.4.9-1_i386.deb 29006d2366bf0e7e4e3dc1d36fcdf351fd866551a412273be9801d447e4b68ec 1490 libapache2-mod-macro_2.4.9-1_i386.deb a4ad50a6b5c5643b9f3ac50d1eb383c8c47aca91b245dfa5855ede2ca3dc3c97 196072 apache2_2.4.9-1_i386.deb 84ced5e5fcb9fa99ad7508a2330e89af42767ccdc0b9a0f382dcbf531ef959ab 162564 apache2-data_2.4.9-1_all.deb 2859ef8e3b1f7e8bc2e3f662b426b06a35061ff8c6c8f93d65ef0570d4925c8e 961932 apache2-bin_2.4.9-1_i386.deb 8252d51830e1dbcbe5745880795493f2041cd1186fda764c5ef93d47a6b1d95d 1508 apache2-mpm-worker_2.4.9-1_i386.deb d00d33989fd47b2acc42ba700ed6bdea404a668b8b95e2a22afe89fd3c5f84dd 1506 apache2-mpm-prefork_2.4.9-1_i386.deb cbaf77412b2ddf84b2c9e784aa6b954626ba9452477e0eaca05c7ff8455f2be1 1510 apache2-mpm-event_2.4.9-1_i386.deb 30585394a919cdd65b04a875068761ee91932a0380256255061be220da608dff 1506 apache2-mpm-itk_2.4.9-1_i386.deb 0c0aec8adf6b151d1807929893cded0ad8d4d28ec18d480f43f00d4d1ce607b6 1518 apache2.2-bin_2.4.9-1_i386.deb e0ebddee1be410636ff3b2e2de2fb801d629e0530247bb5ed8f5c99ec0f8d62f 187838 apache2-utils_2.4.9-1_i386.deb 3716619e08ea8f08fca1ebad22e0cc57d0a00f4edf665ba37665ff932bc0489e 1480 apache2-suexec_2.4.9-1_i386.deb 701e36a5af7ac42befbb39ea47db7370adb43925f615c161bef4ab848caba475 121908 apache2-suexec-pristine_2.4.9-1_i386.deb fef5b6b27337fb20f5d1d2f64b9a14aad96d88f0ebb18a8dc3d38028254a96e5 123412 apache2-suexec-custom_2.4.9-1_i386.deb cedd9ca2347f8d469a44ed5477828e7540c3928ad6e38487a69750de86172758 2712532 apache2-doc_2.4.9-1_all.deb ed264de5f587c82598d4bb2b2f8e0d37e041f004cb4e99cb16fa81ce1bc9cf8b 272424 apache2-dev_2.4.9-1_i386.deb b61a1a3313a1b2b6e2938de75d0e35d724f0deb5034f269a2a7a4510a3e3cf92 1932552 apache2-dbg_2.4.9-1_i386.deb Files: a5b42a4b302b4ec1ead70e037d1a5f12 3023 httpd optional apache2_2.4.9-1.dsc 2ef4e65353497606b24fa9bb3e5a3c40 4994460 httpd optional apache2_2.4.9.orig.tar.bz2 a1fc016955d52049ca7707e1c38f9410 436268 httpd optional apache2_2.4.9-1.debian.tar.xz 6c4951411f551bad4c69e102cbec1c24 1504 oldlibs extra libapache2-mod-proxy-html_2.4.9-1_i386.deb e5c641cac6e487a38611ba4c126626ef 1490 oldlibs extra libapache2-mod-macro_2.4.9-1_i386.deb ad49c0c92b67e75bd367bca6b18f0512 196072 httpd optional apache2_2.4.9-1_i386.deb 5981f718fc530539335fe29f6f73a5a4 162564 httpd optional apache2-data_2.4.9-1_all.deb 03712785afdc2257042b1a8f6c248f80 961932 httpd optional apache2-bin_2.4.9-1_i386.deb c317bb6a46e036e8c4c7360007490d49 1508 oldlibs extra apache2-mpm-worker_2.4.9-1_i386.deb e1bdb8b72a6fe63902af4baba9b06b3b 1506 oldlibs extra apache2-mpm-prefork_2.4.9-1_i386.deb fa80f78760e8940a50788e3a683b5e75 1510 oldlibs extra apache2-mpm-event_2.4.9-1_i386.deb 63212b2ed2a05f31ab8ab36a501d9d2e 1506 oldlibs extra apache2-mpm-itk_2.4.9-1_i386.deb 63cf34974207d2bed52b6edbfac43098 1518 oldlibs extra apache2.2-bin_2.4.9-1_i386.deb 9198aeb6e85e8809d9d14f97e226dadb 187838 httpd optional apache2-utils_2.4.9-1_i386.deb 7c346503240d3694bd65b267f0e9f7a6 1480 oldlibs extra apache2-suexec_2.4.9-1_i386.deb f271f58dde5ce7621ed617af4beadcda 121908 httpd optional apache2-suexec-pristine_2.4.9-1_i386.deb 9e6affae96a7b45706b267f1a00cdf56 123412 httpd extra apache2-suexec-custom_2.4.9-1_i386.deb b50a31244dd8c6d60f66230a6a198896 2712532 doc optional apache2-doc_2.4.9-1_all.deb dcd8a1172fb0e8c83afd96e95d2deca0 272424 httpd optional apache2-dev_2.4.9-1_i386.deb e889b65b62e2418f1f9b7f41142eaf50 1932552 debug extra apache2-dbg_2.4.9-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBUzdCE8aHXzVBzv3gAQgs1hAAvyyT7ldqt5Yw2qebp4Y/Rbiptis1Wl8x 2kKKpih9xd3aBeKUb7mVQrX1Dy+mdgfIdaS7l6GBD4FYB8kpI0mijZR8ltB/Apw0 /6jVvCz15wQvckJMHCCKMaJZNpD2LF8HoL0GmtYuyItLujUNVcn4Xm2ZJTG4YuhI qUWZEy0zRKVLPS3PlXEFAzV8rEcXtnA6y3kXrJ2K7UYTO9nk+SVC5DI7iNHsjoqr u+R2JtYiVPrzOwZNzmRjrD/0uBUzl+bnbwuygpqPbhqRMIYYXz5qUkwtJnsmR7bI TAiPxOTu6e8BEaf/BzlOyxTEnXyWQKclP1TATKQqMGe2dcqeMy3Ji6SOU2maaZX9 So9YXOFUgh7ZE7sZImCx5MEQdNMzHKURQRYXetohMpg/7hbDhU233qnFGxTNn+xB fXvngBEcP835fT29fRAppD3m0VoyVu2mqusmoZ0USCdf23McRm2sA414SrZemNpP rN41TeQXwlx24JtduItYDeilS+XTVpw8hWvEmYrMdb7nAmA5X6wu90zXwCg3FZl+ hQAbuYecPbQEhgAz1wq0ms87MVaQG/NzahEi8Um381MBWddGPLRnzd/mz2l5+41S PWkF4MaoBRgvQCUS2wFRuu4jniGutSLUonr16V0EQpuEgpWTJa+0M6QFIzmdTv9h 7E7EDFrN1SI= =Eqi/ -----END PGP SIGNATURE-----