-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 01 Aug 2015 22:08:57 +0200 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source amd64 all Version: 2.2.22-13+deb7u5 Distribution: wheezy-security Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Closes: 780398 Changes: apache2 (2.2.22-13+deb7u5) wheezy-security; urgency=medium . * CVE-2015-3183: Fix request smuggling via chunked transfer encoding. Backported by Marc Deslauriers. * Don't limit default DH parameters to 1024 bits. Closes: #780398 This may cause problems with some Java based clients. A work-around is to configure these client not to use DHE key exchange but use ECDHE or RSA instead. A server-side work-around that limits the DH parameters to 1024 bits for all clients is described at http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#javadh . * Backport support for adding DH parameters to the SSLCertificateFile. Checksums-Sha1: 6a7b970edbe773f90a61e85afd3ac98e727bf005 2899 apache2_2.2.22-13+deb7u5.dsc 190b1e8f102d5f8160ecac921dc1a7b214a701de 237472 apache2_2.2.22-13+deb7u5.debian.tar.gz f1fd132fd5b5d4faff07c3a5111c3cc64552b5d3 293100 apache2.2-common_2.2.22-13+deb7u5_amd64.deb c13235f7733405df64f8c7546343c21fede1822d 791720 apache2.2-bin_2.2.22-13+deb7u5_amd64.deb e1ed07182141b70654b406fb5d75efd57a12c6dd 2242 apache2-mpm-worker_2.2.22-13+deb7u5_amd64.deb d66787eea63079ace672f4a16b9401404dec9d0d 2346 apache2-mpm-prefork_2.2.22-13+deb7u5_amd64.deb a87f661b864a24b4bf8949a75c5b66d3a709a7e4 2308 apache2-mpm-event_2.2.22-13+deb7u5_amd64.deb 25c69b6c50cf0fd514544f919cf731d6a647f093 2338 apache2-mpm-itk_2.2.22-13+deb7u5_amd64.deb 7761e1cd68b61466a17103c9ca63baa390452fe9 163484 apache2-utils_2.2.22-13+deb7u5_amd64.deb 1d01cbbc6cc97eb2783967ee20b795c515fa87be 107232 apache2-suexec_2.2.22-13+deb7u5_amd64.deb c59d86be77d2b0c87a0c6df5588d97463b15c60f 108714 apache2-suexec-custom_2.2.22-13+deb7u5_amd64.deb 966beb95dc50cec961c95e1bcd81ab6a5e6f34ea 1430 apache2_2.2.22-13+deb7u5_amd64.deb 9b2b336acba04840707de51c0a6b755e5d5f880c 1776440 apache2-doc_2.2.22-13+deb7u5_all.deb fefcb3ddb583eaca01b3bb0735e0fe28c6e35dad 114614 apache2-prefork-dev_2.2.22-13+deb7u5_amd64.deb ab55f9e0ba2f642e908aba8d3740a4dde80dec30 115476 apache2-threaded-dev_2.2.22-13+deb7u5_amd64.deb 1012a2405a441fc1aae5bc9df2a67868f749b7f6 1726910 apache2-dbg_2.2.22-13+deb7u5_amd64.deb Checksums-Sha256: 08ea9d1d59f5a3678491ae0986ae1146924871660b7adc049562f544798039aa 2899 apache2_2.2.22-13+deb7u5.dsc bdf67991a8e6a64f1d3ca4edd5df97046a1a113ff47385873717ce6462aefcf7 237472 apache2_2.2.22-13+deb7u5.debian.tar.gz 0ae401a5991585b8ff993a7df30662d057151f4c81009077f0f8d976d1639e94 293100 apache2.2-common_2.2.22-13+deb7u5_amd64.deb 3dd0041fc76d98e2eaf998ad6862347669716e8a78c16fe9482df76be25dd19f 791720 apache2.2-bin_2.2.22-13+deb7u5_amd64.deb e7d53d119e8d3b0547f7e73ba0c5eb82ae1ac354aead838740257426d74c0cee 2242 apache2-mpm-worker_2.2.22-13+deb7u5_amd64.deb c738b636f66de82e8e865c4cf2ce55e2ace2bbb873983a205b2a0e92384ced68 2346 apache2-mpm-prefork_2.2.22-13+deb7u5_amd64.deb f0227a302eea8768f10932a4b0a0fca8d8c2b3046559dfa69fe922828b2d22b9 2308 apache2-mpm-event_2.2.22-13+deb7u5_amd64.deb c9d7f95620242e62eba440d7c8236cce0b9e0ef0340c1718de79c051a4fc0059 2338 apache2-mpm-itk_2.2.22-13+deb7u5_amd64.deb 2b4ac4e41c3790527b2fd23cf589cc36992929a0e7f68f75e53cdbdc8ba3b69f 163484 apache2-utils_2.2.22-13+deb7u5_amd64.deb 3cfa82b2e5accd4181ca8fcd1b5f76f0057f5a799385cd8e073b752810453e68 107232 apache2-suexec_2.2.22-13+deb7u5_amd64.deb 0e52007f463b1113ccf23042309f672f3d1ba86ec65a34af9e98dbd7ca16d4c8 108714 apache2-suexec-custom_2.2.22-13+deb7u5_amd64.deb be1544c8a568b2398839c2b2cb3b2ca3f6ec72533ca0c7f812867e71c7bb7da9 1430 apache2_2.2.22-13+deb7u5_amd64.deb f29df96045a27f7f32bd3bbcc10e7a7320067cc06950c04e2b895a72f4a773e5 1776440 apache2-doc_2.2.22-13+deb7u5_all.deb 13345c499b3542992e3df89eae7e7be68dba0b334891890301fec031d9b89358 114614 apache2-prefork-dev_2.2.22-13+deb7u5_amd64.deb b9c9ff5cc5a5a48e2d856bb3c5d389df9befc41d7acf3fb4f4f0eda8a95dea94 115476 apache2-threaded-dev_2.2.22-13+deb7u5_amd64.deb c7ff6e3222b485f9c4478f927fabaf332f0f49821cd284ee701479e97817b0b4 1726910 apache2-dbg_2.2.22-13+deb7u5_amd64.deb Files: a65d603f59796ab9028109bd4ca5a312 2899 httpd optional apache2_2.2.22-13+deb7u5.dsc effdb2eeb3af4a680356ae08930bf685 237472 httpd optional apache2_2.2.22-13+deb7u5.debian.tar.gz 7fe0f47419454586d1058e25edabd91d 293100 httpd optional apache2.2-common_2.2.22-13+deb7u5_amd64.deb 8c4467bdfbf252950092e4ffe61d23c8 791720 httpd optional apache2.2-bin_2.2.22-13+deb7u5_amd64.deb 9e4eb4a933e7028df534804994618385 2242 httpd optional apache2-mpm-worker_2.2.22-13+deb7u5_amd64.deb 5ac255148b9a1230081a267d12758752 2346 httpd optional apache2-mpm-prefork_2.2.22-13+deb7u5_amd64.deb 737f037515a675d7479881af9af222f3 2308 httpd optional apache2-mpm-event_2.2.22-13+deb7u5_amd64.deb 049513ade4536bc118c6aa6b0f452e60 2338 httpd extra apache2-mpm-itk_2.2.22-13+deb7u5_amd64.deb 1bb68a5ef1094ce00c339219e59219e8 163484 httpd optional apache2-utils_2.2.22-13+deb7u5_amd64.deb 9e0e6fff7348a262c63271cbb8e33971 107232 httpd optional apache2-suexec_2.2.22-13+deb7u5_amd64.deb d96e174b3926b1fed08ae5ef4ae987ba 108714 httpd extra apache2-suexec-custom_2.2.22-13+deb7u5_amd64.deb 8bf992d341f750b6df16c23df0f8f964 1430 httpd optional apache2_2.2.22-13+deb7u5_amd64.deb 52000c890d6c95162d93acf47c011f53 1776440 doc optional apache2-doc_2.2.22-13+deb7u5_all.deb c736d4fa5805f1e4d8f4d35318ae4215 114614 httpd extra apache2-prefork-dev_2.2.22-13+deb7u5_amd64.deb 8d7f0fab4caa4c84977bae1c6a2fec23 115476 httpd extra apache2-threaded-dev_2.2.22-13+deb7u5_amd64.deb 12f37431ad7058cf89045ee7f7eca6a4 1726910 debug extra apache2-dbg_2.2.22-13+deb7u5_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVb0rIcaHXzVBzv3gAQh8Ng//V7HOogEqY11sTXX6hetK8HJLVWStHWEB HE9E+lBNMAiHz6SjMd6c8PBGzNGYAmr7mgoZ7k0s9R9nb+myprF8WvNpEmADkr+3 KO5YHUrqufS3dZ6hUnAHIsLOeXRDEn8GssRCKX8svMNss5Dky4giRtB0poEqhF85 tk2wPiEMbquKE7uDiZcDnPlnrq06psKLLuV3YNbDn2P+1PgXNCAj1m7s88fQ9gKw b1/sTHlAbvjxm9a2z/pXvS8CmUaRvUjC/ZDqUpvfroQDwmmWN3KVlIou1ZuSdYCA S8yZvGz4Mem8HGQUwJHhoM8w3b/4CcA6u6qu6yqpjPVXW+38hyboOz6sY5EAtiyP Vhvyh0CP1QthmONDeyUYnJ87g4dL/muZrZRCNbOBAQ5iNt8SvBzidPIcTDuaa1Jn q87kZo4RefX7f8Y4qp5TrMHLnE/4NSXs6X8N/uLTLcCT62JqGgM6TO+yMH/BAHWA U/4A2xlpzgXSEeN5bkmAPi7RETNnWsidEjU8pCJQAqVxgjXwQO2T2ADU4BWZa5hP ammnkLeV1YWl/4bLS85v5TVO80B0lyoePrNcs5Oo9DZAgA2W+dZczbQAF+KIrSwG 4dGB14mwvcUQdWp+ww32sCMNbdZ1NFKuVOdvnulByM2D2ycEipyflerk9t6Bvivr LnHzbGGMRD0= =VzHA -----END PGP SIGNATURE-----