Format: 3.0 (quilt)
Source: apache2
Binary: apache2.2-common, apache2.2-bin, apache2-mpm-worker, apache2-mpm-prefork, apache2-mpm-event, apache2-mpm-itk, apache2-utils, apache2-suexec, apache2-suexec-custom, apache2, apache2-doc, apache2-prefork-dev, apache2-threaded-dev, apache2-dbg
Architecture: any all
Version: 2.2.22-13+deb7u5
Maintainer: Debian Apache Maintainers <[email protected]>
Uploaders: Stefan Fritsch <[email protected]>, Steinar H. Gunderson <[email protected]>, Arno Töll <[email protected]>
Homepage: http://httpd.apache.org/
Standards-Version: 3.9.3
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-apache/apache2.git
Vcs-Git: git://git.debian.org/git/pkg-apache/apache2.git
Build-Depends: debhelper (>= 8.9.7~), lsb-release, libaprutil1-dev (>= 1.3.4), libapr1-dev, openssl, libpcre3-dev, mawk, zlib1g-dev, libssl-dev (>= 1.0.1e-2+deb7u8), sharutils, libcap-dev [linux-any], autoconf, autotools-dev
Build-Conflicts: autoconf2.13
Package-List:
 apache2 deb httpd optional
 apache2-dbg deb debug extra
 apache2-doc deb doc optional
 apache2-mpm-event deb httpd optional
 apache2-mpm-itk deb httpd extra
 apache2-mpm-prefork deb httpd optional
 apache2-mpm-worker deb httpd optional
 apache2-prefork-dev deb httpd extra
 apache2-suexec deb httpd optional
 apache2-suexec-custom deb httpd extra
 apache2-threaded-dev deb httpd extra
 apache2-utils deb httpd optional
 apache2.2-bin deb httpd optional
 apache2.2-common deb httpd optional
Checksums-Sha1:
 bf3bbfda967ac900348e697f26fe86b25695efe9 7200529 apache2_2.2.22.orig.tar.gz
 190b1e8f102d5f8160ecac921dc1a7b214a701de 237472 apache2_2.2.22-13+deb7u5.debian.tar.gz
Checksums-Sha256:
 74c1ffffefe1a502339b004ad6488fbd858eb425a05968cd67c05695dbc0fe7c 7200529 apache2_2.2.22.orig.tar.gz
 bdf67991a8e6a64f1d3ca4edd5df97046a1a113ff47385873717ce6462aefcf7 237472 apache2_2.2.22-13+deb7u5.debian.tar.gz
Files:
 d77fa5af23df96a8af68ea8114fa6ce1 7200529 apache2_2.2.22.orig.tar.gz
 effdb2eeb3af4a680356ae08930bf685 237472 apache2_2.2.22-13+deb7u5.debian.tar.gz

Changes:
 apache2 (2.2.22-13+deb7u5) wheezy-security; urgency=medium

   * CVE-2015-3183: Fix request smuggling via chunked transfer encoding.
     Backported by Marc Deslauriers.
   * Don't limit default DH parameters to 1024 bits. Closes: #780398
     This may cause problems with some Java based clients. A work-around is
     to configure these clients not to use DHE key exchange but use ECDHE or
     RSA instead. A server-side work-around that limits the DH parameters to
     1024 bits for all clients is described at
     http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#javadh .
   * Backport support for adding DH parameters to the SSLCertificateFile.

  -- Stefan Fritsch <[email protected]>  Sat, 01 Aug 2015 22:08:57 +0200