-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 23 Dec 2014 23:44:24 +0100 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source amd64 all Version: 2.2.22-13+deb7u4 Distribution: wheezy Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Closes: 762619 771199 773841 Changes: apache2 (2.2.22-13+deb7u4) wheezy; urgency=medium . * CVE-2013-5704: Fix handling of chunk trailers. A remote attacker could use this flaw to bypass intended mod_headers restrictions, allowing them to send requests to applications that include headers that should have been removed by mod_headers. The new behavior is to not merge trailers into the headers autmatically. A new directive "MergeTrailers" is introduced to restore the old behavior. * Fix hostname comparison with SNI to be case insensitive. Closes: #771199 * Fix valule of SSL_CLIENT_S_DN_UID in mod_ssl (broken in 2.2.15). Closes: #773841 * Add paragraph about session ticket key life-time and forward secrecy to README.Debian. Closes: #762619 Checksums-Sha1: 989077010d72cf3360ec0142919aa0e67042d286 2899 apache2_2.2.22-13+deb7u4.dsc 4910db7b7777e0930f50adc4f2ba9bd16386ae47 218049 apache2_2.2.22-13+deb7u4.debian.tar.gz a318d750e1f523d0d30602926fbb1817bf9e1cc7 292630 apache2.2-common_2.2.22-13+deb7u4_amd64.deb 6102f00be2cf6feb27f9bba1c1cd7252f9f551c2 786136 apache2.2-bin_2.2.22-13+deb7u4_amd64.deb ac7e739769a2443a62a0c80d9a4073253218381b 2238 apache2-mpm-worker_2.2.22-13+deb7u4_amd64.deb 453aa0874a5b8b3fc349c8b4027f7f7ded4e1cef 2346 apache2-mpm-prefork_2.2.22-13+deb7u4_amd64.deb ad728f5ef22086b9272fa3b84647efa562d25472 2304 apache2-mpm-event_2.2.22-13+deb7u4_amd64.deb 32271e60e2b8459a56832ac854124cbbf1b08992 2330 apache2-mpm-itk_2.2.22-13+deb7u4_amd64.deb bad4d629f63bb4eef9034c1bf4745d4ef2d2d070 163400 apache2-utils_2.2.22-13+deb7u4_amd64.deb 386a676a51c2d7f81d7d17c9a6c4d72efb39a13d 106956 apache2-suexec_2.2.22-13+deb7u4_amd64.deb ce5a51d7fbb70aff3854a23d37486fd7fb3f92fc 108466 apache2-suexec-custom_2.2.22-13+deb7u4_amd64.deb a5c535fea65b9773f71812313500993fe7dda1c8 1440 apache2_2.2.22-13+deb7u4_amd64.deb 24a53bd2985c5625b6cb4fc614cbf0ce417ec8e5 1775012 apache2-doc_2.2.22-13+deb7u4_all.deb 61ddb0e5f5a4fdd98fee3294d7f1059029b0340b 114606 apache2-prefork-dev_2.2.22-13+deb7u4_amd64.deb bf1e6a90476990e865490e4943ba69b03be08235 115444 apache2-threaded-dev_2.2.22-13+deb7u4_amd64.deb dd25cf50946d41e5a414e1f6e5d6cc785e54d0fe 1724370 apache2-dbg_2.2.22-13+deb7u4_amd64.deb Checksums-Sha256: 256e8d59f1d5f71cdbc2642003333b77aa0039b24c817584bee0e7e4eb4c400d 2899 apache2_2.2.22-13+deb7u4.dsc c4dbf8b4e8b62ae4bb59bce73de99b0cc84d337e516ee300936db6184c921c78 218049 apache2_2.2.22-13+deb7u4.debian.tar.gz c5b4cae9633e9f996201c4a77f403abc5539a1e445b576afd365d0efc8241ca4 292630 apache2.2-common_2.2.22-13+deb7u4_amd64.deb b831b9dad8a6bc2a284800a10e86b028562c01aebe6480d7e4985d3dbe28e3ea 786136 apache2.2-bin_2.2.22-13+deb7u4_amd64.deb d648be3d4f6b3b38e29d97268bfe4d291a4b29fa89fcb2fac318c44242dc5d5b 2238 apache2-mpm-worker_2.2.22-13+deb7u4_amd64.deb 50e885d34fadeeb7ca9a376f4cf5efa679cd95ba6a54da9a3b09dc0ce94ed55b 2346 apache2-mpm-prefork_2.2.22-13+deb7u4_amd64.deb 42867d366930d259845a2b4402a779641deaf698b0ce980c556585877b0e5545 2304 apache2-mpm-event_2.2.22-13+deb7u4_amd64.deb 75423e4e47d7b166a1b2a44c17c1de261570fcedf99cc704aa33c14fcf98bc97 2330 apache2-mpm-itk_2.2.22-13+deb7u4_amd64.deb d92780ea8f0eb55f5664351081d5e4282774ab70d8bc69fe6fd724c16d91154d 163400 apache2-utils_2.2.22-13+deb7u4_amd64.deb 6a149fff7cf79800b67851fef6870e1e899d79f516335a7acad4390a8bee9660 106956 apache2-suexec_2.2.22-13+deb7u4_amd64.deb 8396c5c46c225e4838590eb01a18b8059c9cbb9af69955bcad2105041bce0050 108466 apache2-suexec-custom_2.2.22-13+deb7u4_amd64.deb 2c1cf0f5f5928655e6d0f82b052e8b154ea422dadf1a16acb417f5abcab493ae 1440 apache2_2.2.22-13+deb7u4_amd64.deb ebc136a630be29c1c4ef7005bb5b15e3a47e3394e8f60b707101c5220b17687c 1775012 apache2-doc_2.2.22-13+deb7u4_all.deb 069fc587d6e6ca4b1ee8ef5f3673cec6e616283702eac3c493de1adb16d337d6 114606 apache2-prefork-dev_2.2.22-13+deb7u4_amd64.deb 0775a4a82c0ce3fc58de4d4c1111d0fc43855923e2260c2ffc258e5b24d7ca37 115444 apache2-threaded-dev_2.2.22-13+deb7u4_amd64.deb 6f57dd62d5f6ca279caca66ed617b29c689435e9931911b07381f1ab2855ef45 1724370 apache2-dbg_2.2.22-13+deb7u4_amd64.deb Files: f3d2bb9de59d2d7d7532be32aee1b39f 2899 httpd optional apache2_2.2.22-13+deb7u4.dsc 042c983543445d9bcfc67c2856c543ad 218049 httpd optional apache2_2.2.22-13+deb7u4.debian.tar.gz 2cdfbadb6e22e3f195f251abfc02590b 292630 httpd optional apache2.2-common_2.2.22-13+deb7u4_amd64.deb 885aa5d446fee300a5be5de8f6f811fe 786136 httpd optional apache2.2-bin_2.2.22-13+deb7u4_amd64.deb eb77921495c268c6de7791a89d5443b8 2238 httpd optional apache2-mpm-worker_2.2.22-13+deb7u4_amd64.deb ea3f080e33aa27e3c065761bd5148ad8 2346 httpd optional apache2-mpm-prefork_2.2.22-13+deb7u4_amd64.deb 4cfb61ee826ae80c98d613928cfaf4f7 2304 httpd optional apache2-mpm-event_2.2.22-13+deb7u4_amd64.deb 8a7eb36dd1eac71d2196b75ff5d7eeed 2330 httpd extra apache2-mpm-itk_2.2.22-13+deb7u4_amd64.deb 47bffaa060a7fa15d767ad60c285b035 163400 httpd optional apache2-utils_2.2.22-13+deb7u4_amd64.deb 932ec14ea96ca9e1d32b6b3bf18fce87 106956 httpd optional apache2-suexec_2.2.22-13+deb7u4_amd64.deb 703fcf0e3d56b47f157361cd75268d66 108466 httpd extra apache2-suexec-custom_2.2.22-13+deb7u4_amd64.deb 00e353b128dc04c101e7399a87901882 1440 httpd optional apache2_2.2.22-13+deb7u4_amd64.deb 7779c73f0286bcb6cbb48b608c6af180 1775012 doc optional apache2-doc_2.2.22-13+deb7u4_all.deb e89780b1826ddffa64d5cd28a792f8a8 114606 httpd extra apache2-prefork-dev_2.2.22-13+deb7u4_amd64.deb 5b2ab63b73686dc5404500cd8bfa9094 115444 httpd extra apache2-threaded-dev_2.2.22-13+deb7u4_amd64.deb b2b02a31c6f66b2522ba01d83f8a6484 1724370 debug extra apache2-dbg_2.2.22-13+deb7u4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVJw488aHXzVBzv3gAQinWQ/9FkTdVJQNlo1AfB7CAspsfWJ6iK0rMyAh Pa5mV0+kpTqmEHPXEXxs40/Tie0NptP5pVB95ezGOCbr3ADFGCcWMButOkpIxFIJ yh0yu2qfgETRPLvPpgoJ1/Z7FH1MgBur9UoQyfej63WIbmtChhdMIAHOKpnsvGsp Sf83ovA2fpx51UtXB+O8orXOdK77yfWzHzi2h6gj+8mR5oiKSeOwglSBfZpv/v6y daB+62W9tPmWreojUnII94UympArnsmkJtnpFVAi70ehm/vNTsOgQM9ZDUvxukVs 2aVj9AsUodfM/OZaTPYeYSie4NBDrpMe6EcB15y5wLnnur546nC7ehzjkk9K7RBc y4esycXLBguTgydkcaVTlgn+V/7//dS9bwCyHLrVz8xcD2ulemw30FYrVVvERgMS a/Ou5Y26isyAoF/jWgVaD/WKLXUllzR3uiez1mhN4sdt/TcrjvHyoTZZdk//OaRC JqbaEUvokxTKMtJXGgDhqcfA6krfFDb9AD0yh4eTixG2JLQrrQKoHWp9ApMaBflL L++3H8XTKJPAsO3KNwumSKx6PgoOIIKCYB7czz3ojJnweYui9WQCY0yEWZEGSRo9 vZfOmjaxjYv945YtAWQwve2GX98o9Vcxuqh/97GHYF96VVOOc/xYOymsoG5r623j AGAUtbJ2I9M= =16vY -----END PGP SIGNATURE-----