-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 30 May 2015 14:54:17 +0200 Source: libapache-mod-jk Binary: libapache2-mod-jk libapache-mod-jk-doc Architecture: source amd64 all Version: 1:1.2.30-1squeeze2 Distribution: squeeze-lts Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@gambaru.de> Description: libapache-mod-jk-doc - Documentation of libapache2-mod-jk package libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine Closes: 783233 Changes: libapache-mod-jk (1:1.2.30-1squeeze2) squeeze-lts; urgency=high . * Team upload. * Add CVE-2014-8111.patch. (Closes: #783233) It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. - Add option to control handling of multiple adjacent slashes in mount and unmount. New default is collapsing the slashes only in unmount. Before this change, adjacent slashes were never collapsed, so most mounts and unmounts didn't match for URLs with multiple adjacent slashes. - Configuration is done via new JkOption for Apache (values "CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount"). Checksums-Sha1: 8d5dddce79011cfc20ae3d2baa997d07df295b58 1744 libapache-mod-jk_1.2.30-1squeeze2.dsc b57591b951087d9502598b7ed6a018afa6169bba 27160 libapache-mod-jk_1.2.30-1squeeze2.debian.tar.gz 6c98e16119527b77689bf085de24823bb62e6352 149872 libapache2-mod-jk_1.2.30-1squeeze2_amd64.deb 5d0fdbb12a79936035ca3a44ca46ded0467ab67c 198866 libapache-mod-jk-doc_1.2.30-1squeeze2_all.deb Checksums-Sha256: 227bb12286f4c8fdfd4028c61c486ed2a4feebd5898349ea2a6dab4c60bf307d 1744 libapache-mod-jk_1.2.30-1squeeze2.dsc 74ae308272d61c1576d3ab462746ae43cdb13660e5a9056e42ab6f25ceefb80e 27160 libapache-mod-jk_1.2.30-1squeeze2.debian.tar.gz 31284d2e5f591e74bf6fe0b8299bd97be995c2c0e7355b48219514debffeb7a0 149872 libapache2-mod-jk_1.2.30-1squeeze2_amd64.deb 6019a3dd06d098cd0d155b3c4994424423df4fa8f57cca8179a2a2f7428372b2 198866 libapache-mod-jk-doc_1.2.30-1squeeze2_all.deb Files: 451bdd8c8783af9d5c5b4fe2b3e798ba 1744 web optional libapache-mod-jk_1.2.30-1squeeze2.dsc 51cefd9cfeccbcb9a7536e321f5755be 27160 web optional libapache-mod-jk_1.2.30-1squeeze2.debian.tar.gz 4bf17109c88f5c3da583fb884b37e66b 149872 web optional libapache2-mod-jk_1.2.30-1squeeze2_amd64.deb f05811464da69440a2d257127981e0af 198866 doc optional libapache-mod-jk-doc_1.2.30-1squeeze2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Signed by Raphael Hertzog iQEcBAEBCAAGBQJVdxE8AAoJEAOIHavrwpq50cUH/0oqxdFCWbHJ3DuFH+QuyjEv EkT9j6mmbsuBl4ZQuF408SjvWzd/51KGgh2NYriN4WKLNgGOqznHPxAAwsfRciT8 WxwbUgCG0UMbM0WjzMuoZH4BvI/Wa6oeOA292dgO8GB3oZhTQGwVcuqftLrlnaIu jT/S8CYaHeVHSLW3lrZ0oc6JwX1dq6VDkZ39bcH1SR7pq0fqLCcqux3UpToba9Fb gmFrgzMxHRAAKMoDkZSPbSpONtuKMZsoWclxDG0FHmE1B92Gvl+xg9r/H1Yh+9VJ yaHmGRGn39oIDsG0xPQHKef8+pADYEuIUJ3PN4lxRMT6MotJjbjDvgdoTZBA9YQ= =eop/ -----END PGP SIGNATURE-----