-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 08 Jun 2014 10:38:04 +0200 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: source i386 all Version: 2.4.9-2 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (binary files and modules) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-mpm-event - transitional event MPM package for apache2 apache2-mpm-itk - transitional itk MPM package for apache2 apache2-mpm-prefork - transitional prefork MPM package for apache2 apache2-mpm-worker - transitional worker MPM package for apache2 apache2-suexec - transitional package for apache2-suexec-pristine apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) apache2.2-bin - Transitional package for apache2-bin libapache2-mod-macro - Transitional package for apache2-bin libapache2-mod-proxy-html - Transitional package for apache2-bin Closes: 743915 Changes: apache2 (2.4.9-2) unstable; urgency=medium . * Fix logic in postinst to detect existing index.* files in both DocumentRoots, the old /var/www and the new /var/www/html. Also change the compiled in default DocumentRoot to /var/www/html. Closes: #743915 * Fix buffer overflows in suexec with very long (unix) usernames. Not exploitable due to FORTIFY_SOURCE. And creating users usually requires root privileges, anyway. Thanks to Luca Bruno for the report. * Remove conflicts of mpm modules with mpm_itk, which isn't an mpm anymore. Fixes a part of: #734865. libapache2-mpm-itk needs a fix, too. * Remove obsolete warning in a2enmod about mpm-itk. * Fix lintian warning: Remove image ref to w3.org, which is a privacy breach. Checksums-Sha1: 49a74830591ee8af77c96af61eb904f2e268523e 3172 apache2_2.4.9-2.dsc c738e26dd3f779bc4df76dfda27cbe47a79d63a6 436576 apache2_2.4.9-2.debian.tar.xz f2b5d2f8b65ba216f0ee6db67cc68201930d0967 1510 libapache2-mod-proxy-html_2.4.9-2_i386.deb 465a1b4725937eab3babdc090d91e2e1a2b0d742 1494 libapache2-mod-macro_2.4.9-2_i386.deb 21a39da9f1c079ad8af38be7e10097e1dddca6be 196384 apache2_2.4.9-2_i386.deb a47b237d022c1420195b65954a3fde8eb28814ce 162622 apache2-data_2.4.9-2_all.deb 276c9dd01e6bb77454d12213b83ded68aa08a39f 963776 apache2-bin_2.4.9-2_i386.deb 52f56152b0c77091a007658e4c122944f4950def 1510 apache2-mpm-worker_2.4.9-2_i386.deb 6fe63beddff39c089ecab724ff9b2cf1bb489b23 1512 apache2-mpm-prefork_2.4.9-2_i386.deb e69b8358eb927070610892dfe57e3f3854da899d 1510 apache2-mpm-event_2.4.9-2_i386.deb 67754ba17d625b901489eb234a57b89f514eed55 1510 apache2-mpm-itk_2.4.9-2_i386.deb 71d58af16d5e3290a440783dd3406b1aee9a1894 1526 apache2.2-bin_2.4.9-2_i386.deb 3d784aebf90cff47ebd33d08649bd14d9b07b289 188172 apache2-utils_2.4.9-2_i386.deb c8a390eb53517c70181c89b2c6adb5b6b1f0691a 1484 apache2-suexec_2.4.9-2_i386.deb a5cb71135fd34586a6c9d2a8f613c08baefd18b1 122202 apache2-suexec-pristine_2.4.9-2_i386.deb e3d89f92e7104bf1fe7e438e772e78674f462056 123678 apache2-suexec-custom_2.4.9-2_i386.deb 9582cb55d1b2ff41f4d3a4f7ca6c8118c2534818 2713066 apache2-doc_2.4.9-2_all.deb 14d8cc5d8c32ea6370b4fe67832282282cac79c5 272732 apache2-dev_2.4.9-2_i386.deb cb033fe3affbdc4a53a22fe58dd865418e69eb33 1923890 apache2-dbg_2.4.9-2_i386.deb Checksums-Sha256: 020460d3a7affa62fd6755ff3f98429d15aee1092e31ba2bc7645fe64aa7daed 3172 apache2_2.4.9-2.dsc 9d430197df34833463fbe37f4ed58f40e8fa8d85e9872a9cdb690261cc8e8bc5 436576 apache2_2.4.9-2.debian.tar.xz e5277abeaa961fbd92d008657a989eb49a4e8a3df244107c74a1516a4d39d800 1510 libapache2-mod-proxy-html_2.4.9-2_i386.deb 674792ff5cac9d3275348d17fdf52fa134f53da9f69dc61e4d76776d2bbbb1a9 1494 libapache2-mod-macro_2.4.9-2_i386.deb 4ca6ec17de37f7896689e2a711bc0d99bb5386a0f44b6032dd4dacef3faeb6aa 196384 apache2_2.4.9-2_i386.deb 392fe209b889425392e77c5c9fcd64d4cdd29f315f83a3577584a15407b5f672 162622 apache2-data_2.4.9-2_all.deb 433a0eac6b7e5626417023cd946a220fd203c3a3319ce53ca81628b384b7d4fa 963776 apache2-bin_2.4.9-2_i386.deb 1419d17bf794f3f78c32edab16fb3d872a91d28ac4c77887b56915097d38551b 1510 apache2-mpm-worker_2.4.9-2_i386.deb dbee56555bf6b92a8062270b200226fcac65e160f37690ce883ee1d111770aa6 1512 apache2-mpm-prefork_2.4.9-2_i386.deb f48705b7714f844a19835bd0798c5a8742a11e5e0fc40ae6a9b0d3da07fcd064 1510 apache2-mpm-event_2.4.9-2_i386.deb 6214d2482a3f431480991e8f7da75e50f0312125df5ebf9a25b751a4867c41a4 1510 apache2-mpm-itk_2.4.9-2_i386.deb e3d7583ef41c12a66d0049dacba718f7a8cf07b67d41cddcbdfce045730cb9dd 1526 apache2.2-bin_2.4.9-2_i386.deb cdce874ebbf8db11eeab0e2a6bf3f791c3c031e1b4b231cb71f160cf24d24483 188172 apache2-utils_2.4.9-2_i386.deb fb1c9c146d78a244f0f57eba70bfa21af8506089cc69d34acf8963ab5fdfa67c 1484 apache2-suexec_2.4.9-2_i386.deb a19c7820515c712d9e6958e2fe86731b3e25f826ac198dd71b97d59a44e2b6b0 122202 apache2-suexec-pristine_2.4.9-2_i386.deb 54e2f56e9c9c83258784730e3d91cbb1a295665ed077c2a04c076d13840a32eb 123678 apache2-suexec-custom_2.4.9-2_i386.deb 2a6cc6d1a47c93a273c1283e118f8eb2bd4d508cf89c7bb813f17e293e43a071 2713066 apache2-doc_2.4.9-2_all.deb 48c12d4a65f4af141b675c1fe2c01f6908acdb9cd0db9de51c40c6dcd80bd395 272732 apache2-dev_2.4.9-2_i386.deb ea47ec2e7c475243b5d967facae6428bdbd506b50a12ad700c3a027451020ffb 1923890 apache2-dbg_2.4.9-2_i386.deb Files: 86d83e065f6f0e112af6f5879c411f21 1510 oldlibs extra libapache2-mod-proxy-html_2.4.9-2_i386.deb 4c309e496f5f2f94591f1fbeb95261b8 1494 oldlibs extra libapache2-mod-macro_2.4.9-2_i386.deb 6e68f16d5ea0d2047361a5b87c7a0dff 196384 httpd optional apache2_2.4.9-2_i386.deb 6aea8335f318e2fb14add693f591ae50 162622 httpd optional apache2-data_2.4.9-2_all.deb c41774893f545215dbf30add97e6acbe 963776 httpd optional apache2-bin_2.4.9-2_i386.deb f619a472b758763d5993b31ed38ac76e 1510 oldlibs extra apache2-mpm-worker_2.4.9-2_i386.deb c97ac85bfd9929643bbf4db6f720b600 1512 oldlibs extra apache2-mpm-prefork_2.4.9-2_i386.deb d2299c8276191104e68e46d6241dc583 1510 oldlibs extra apache2-mpm-event_2.4.9-2_i386.deb e03c8fcc1b7341baa67b09ed2cc39f20 1510 oldlibs extra apache2-mpm-itk_2.4.9-2_i386.deb a9fcce4ec9d31e865825d6645a929353 1526 oldlibs extra apache2.2-bin_2.4.9-2_i386.deb 8f3bcb074e4bce344d13183667a3a266 188172 httpd optional apache2-utils_2.4.9-2_i386.deb f3b3ca1d1ecad94e281117a175ee5e4f 1484 oldlibs extra apache2-suexec_2.4.9-2_i386.deb c95c5e3e9a4415be2bb3926afa343631 122202 httpd optional apache2-suexec-pristine_2.4.9-2_i386.deb 851779ba6e2667cf0270324b33b80a78 123678 httpd extra apache2-suexec-custom_2.4.9-2_i386.deb a264194adf5c3dbe66f6a3cce7cbec09 2713066 doc optional apache2-doc_2.4.9-2_all.deb dfc086e2b298ecc683ace4178928c18d 272732 httpd optional apache2-dev_2.4.9-2_i386.deb f4fc5c53a0c910832b38bfdb84f308bf 1923890 debug extra apache2-dbg_2.4.9-2_i386.deb 6e597bc45aebca2eea4989c50c271ed4 3172 httpd optional apache2_2.4.9-2.dsc cac9b367bb37d8e3d88042dc903f1da7 436576 httpd optional apache2_2.4.9-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBU5QiW8aHXzVBzv3gAQgZzRAAmTBeCEW1W8MxZyxhTCHAWzTK5UyJH5oz VAGwTnxoV+CPGCeho0LOF0mCWK8xl9CD3c6KHuBT8AJqMiMwrpCjrAfys6DhZWFY n2/Nb0ULHxjCR5JNeifUwGGVwJXFu6T9Y5yA6vrAHfRiDa70d5HVk9nMmxiz+Oy0 dCFBTaXDyHbSNiumpmgvJNfNYKXdAZhKqXQXzTwW2LTHiADuScQzpJJbR6Q5ld27 ScMHW9iuthZDMpoMdIJREIvacP56cHnXxj04/UmPiaFDRALn/KErBty8s0gjBr0B kAsqsGT2yslFFqhq+JCahud6L4QHYT0t0T87K2/e3lrJKimU0w4lqg2sAsvZ4DuC M/guP1PrM2E0xjaMo/ZdC1IweWADBrKNoI4kN9uZOYZLGpU6CwyEInzqpvAfQDhb RFwpR6cc3STtSwfuajm7AGxW3QVwWN19/eAO/ntMxQgWs3F88Otje6c5TJIj7k7s zoLCNzOg2uwsrKVoY6ITsXqyiQcBsKZ0yXKNemPCyze9yjqtmiHBASp92xexf8ab xZJA3xYlifUgY0+ScEYKqE9ln+ETUW5WMq5Q+8ck57anAKdRYtDagtnlEAP8e0vp 7ICa6SKr9QHGgFSxednNFSl2sKVnrt4Vwpyk4lwtJiTsRuP53aYYTkxA8hUY+fdb vORbwNbkJxs= =9A1T -----END PGP SIGNATURE-----