Format: 3.0 (quilt)
Source: apache2
Binary: apache2.2-common, apache2.2-bin, apache2-mpm-worker, apache2-mpm-prefork, apache2-mpm-event, apache2-mpm-itk, apache2-utils, apache2-suexec, apache2-suexec-custom, apache2, apache2-doc, apache2-prefork-dev, apache2-threaded-dev, apache2-dbg
Architecture: any all
Version: 2.2.22-13+deb7u4
Maintainer: Debian Apache Maintainers <[email protected]>
Uploaders: Stefan Fritsch <[email protected]>, Steinar H. Gunderson <[email protected]>, Arno Töll <[email protected]>
Homepage: http://httpd.apache.org/
Standards-Version: 3.9.3
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-apache/apache2.git
Vcs-Git: git://git.debian.org/git/pkg-apache/apache2.git
Build-Depends: debhelper (>= 8.9.7~), lsb-release, libaprutil1-dev (>= 1.3.4), libapr1-dev, openssl, libpcre3-dev, mawk, zlib1g-dev, libssl-dev (>= 1.0.1e-2+deb7u8), sharutils, libcap-dev [linux-any], autoconf, autotools-dev
Build-Conflicts: autoconf2.13
Package-List:
 apache2 deb httpd optional
 apache2-dbg deb debug extra
 apache2-doc deb doc optional
 apache2-mpm-event deb httpd optional
 apache2-mpm-itk deb httpd extra
 apache2-mpm-prefork deb httpd optional
 apache2-mpm-worker deb httpd optional
 apache2-prefork-dev deb httpd extra
 apache2-suexec deb httpd optional
 apache2-suexec-custom deb httpd extra
 apache2-threaded-dev deb httpd extra
 apache2-utils deb httpd optional
 apache2.2-bin deb httpd optional
 apache2.2-common deb httpd optional
Checksums-Sha1:
 bf3bbfda967ac900348e697f26fe86b25695efe9 7200529 apache2_2.2.22.orig.tar.gz
 4910db7b7777e0930f50adc4f2ba9bd16386ae47 218049 apache2_2.2.22-13+deb7u4.debian.tar.gz
Checksums-Sha256:
 74c1ffffefe1a502339b004ad6488fbd858eb425a05968cd67c05695dbc0fe7c 7200529 apache2_2.2.22.orig.tar.gz
 c4dbf8b4e8b62ae4bb59bce73de99b0cc84d337e516ee300936db6184c921c78 218049 apache2_2.2.22-13+deb7u4.debian.tar.gz
Files:
 d77fa5af23df96a8af68ea8114fa6ce1 7200529 apache2_2.2.22.orig.tar.gz
 042c983543445d9bcfc67c2856c543ad 218049 apache2_2.2.22-13+deb7u4.debian.tar.gz

Changes:

apache2 (2.2.22-13+deb7u4) wheezy; urgency=medium

  * CVE-2013-5704: Fix handling of chunk trailers. A remote attacker could
    use this flaw to bypass intended mod_headers restrictions, allowing
    them to send requests to applications that include headers that should
    have been removed by mod_headers.
    The new behavior is to not merge trailers into the headers
    automatically. A new directive "MergeTrailers" is introduced to restore
    the old behavior.
  * Fix hostname comparison with SNI to be case insensitive.
    Closes: #771199
  * Fix value of SSL_CLIENT_S_DN_UID in mod_ssl (broken in 2.2.15).
    Closes: #773841
  * Add paragraph about session ticket key life-time and forward secrecy
    to README.Debian. Closes: #762619

 -- Stefan Fritsch <[email protected]>  Tue, 23 Dec 2014 23:44:24 +0100