-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: libapache-mod-jk
Binary: libapache2-mod-jk, libapache-mod-jk-doc
Architecture: any all
Version: 1:1.2.37-4+deb8u1
Maintainer: Debian Java Maintainers <[email protected]>
Uploaders: Damien Raude-Morvan <[email protected]>
Homepage: http://tomcat.apache.org
Standards-Version: 3.9.6
Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/libapache-mod-jk
Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/libapache-mod-jk
Build-Depends: apache2-dev, autotools-dev, debhelper (>= 8.1.3~), dh-apache2, libtool
Build-Depends-Indep: lynx, xsltproc
Package-List:
 libapache-mod-jk-doc deb doc optional arch=all
 libapache2-mod-jk deb httpd optional arch=any
Checksums-Sha1:
 99e9ba0b2e72b28da7de6b14f103302e7b392a5d 1528647 libapache-mod-jk_1.2.37.orig.tar.gz
 8e630adb50c290c2c4e67d7740a6eee27a68a250 13708 libapache-mod-jk_1.2.37-4+deb8u1.debian.tar.xz
Checksums-Sha256:
 38a92623ddd28b85bbf54cf77f4c867ccbebafb71233131471623691e4e751f9 1528647 libapache-mod-jk_1.2.37.orig.tar.gz
 3ccedf8dbd4d2e9207fe60bc1933c08cefac21ed8e10da15c96f7b28abf87b9e 13708 libapache-mod-jk_1.2.37-4+deb8u1.debian.tar.xz
Files:
 64c3803477b47c5b7ef7f0e4a416e45e 1528647 libapache-mod-jk_1.2.37.orig.tar.gz
 d175d11f794de7b9f363c75ed077c943 13708 libapache-mod-jk_1.2.37-4+deb8u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

Changes:
libapache-mod-jk (1:1.2.37-4+deb8u1) jessie-security; urgency=high

  * Team upload.
  * Add CVE-2014-8111.patch. (Closes: #783233)
    It was discovered that a JkUnmount rule for a subtree of a previous JkMount
    rule could be ignored. This could allow a remote attacker to potentially
    access a private artifact in a tree that would otherwise not be accessible
    to them.
    - Add option to control handling of multiple adjacent slashes in mount and
      unmount. New default is collapsing the slashes only in unmount. Before
      this change, adjacent slashes were never collapsed, so most mounts and
      unmounts didn't match for URLs with multiple adjacent slashes.
    - Configuration is done via new JkOption for Apache (values
      "CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount").

 -- Markus Koschany <[email protected]>  Sat, 23 May 2015 01:16:37 +0200
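
The three slash-handling modes named in the changelog entry, as a simplified model for checking a mount/unmount rule set. This is an added example, not mod_jk's code or part of the Debian patch. The rule patterns, request paths and function names are constructed, and rule matching is approximated with shell-style wildcards.

```python
import re
from fnmatch import fnmatchcase

# Constructed rules: one mounted application with a subtree excluded again.
MOUNTS = ["/app/*"]             # stands in for: JkMount   /app/*          worker
UNMOUNTS = ["/app/private/*"]   # stands in for: JkUnmount /app/private/*  worker

# Option values as named in the changelog entry.
MODES = ("CollapseSlashesNone", "CollapseSlashesUnmount", "CollapseSlashesAll")


def collapse(uri):
    """Replace every run of adjacent slashes with a single slash."""
    return re.sub(r"/{2,}", "/", uri)


def is_forwarded(uri, mode, mounts=MOUNTS, unmounts=UNMOUNTS):
    """Return True if this model would hand `uri` to the backend worker."""
    if mode not in MODES:
        raise ValueError("unknown mode: %s" % mode)
    # "All" collapses before mount and unmount matching, "Unmount" only
    # before unmount matching, "None" never (the behaviour before the fix).
    mount_uri = collapse(uri) if mode == "CollapseSlashesAll" else uri
    unmount_uri = uri if mode == "CollapseSlashesNone" else collapse(uri)
    if not any(fnmatchcase(mount_uri, p) for p in mounts):
        return False
    return not any(fnmatchcase(unmount_uri, p) for p in unmounts)


def decision_table(uris):
    """Map each URI to its forwarding decision under every mode."""
    return {u: {m: is_forwarded(u, m) for m in MODES} for u in uris}


if __name__ == "__main__":
    # Constructed request paths covering the cases the changelog describes.
    samples = [
        "/app/public/index",     # plain mounted path
        "/app/private/report",   # plain excluded path
        "/app//private/report",  # adjacent slashes inside the excluded subtree
        "//app/public/index",    # adjacent slashes ahead of the mount prefix
    ]
    for uri, row in decision_table(samples).items():
        print(uri, row)
```

A path under the excluded subtree that is still forwarded in one mode marks the gap the entry describes; the last sample shows where "CollapseSlashesUnmount" and "CollapseSlashesAll" differ for mounts.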