-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: libapache-mod-jk Binary: libapache2-mod-jk, libapache-mod-jk-doc Architecture: any all Version: 1:1.2.37-1+deb7u1 Maintainer: Debian Java Maintainers <[email protected]> Uploaders: Damien Raude-Morvan <[email protected]> Homepage: http://tomcat.apache.org/ Standards-Version: 3.9.3 Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/libapache-mod-jk/ Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/libapache-mod-jk Build-Depends: apache2-threaded-dev, autotools-dev, debhelper (>= 8.1.3~), libtool Build-Depends-Indep: lynx, xsltproc Package-List: libapache-mod-jk-doc deb doc optional libapache2-mod-jk deb httpd optional Checksums-Sha1: 99e9ba0b2e72b28da7de6b14f103302e7b392a5d 1528647 libapache-mod-jk_1.2.37.orig.tar.gz cf5e40ca23c9748adbd150efa7d1a64b8ecd2124 14967 libapache-mod-jk_1.2.37-1+deb7u1.debian.tar.gz Checksums-Sha256: 38a92623ddd28b85bbf54cf77f4c867ccbebafb71233131471623691e4e751f9 1528647 libapache-mod-jk_1.2.37.orig.tar.gz d2dfa1fe7e6b847ef4bdb95f0e7036bbfb25dd235b1bbf57fab3a54925478220 14967 libapache-mod-jk_1.2.37-1+deb7u1.debian.tar.gz Files: 64c3803477b47c5b7ef7f0e4a416e45e 1528647 libapache-mod-jk_1.2.37.orig.tar.gz 229b7cc7e92d979429066877a6f1daee 14967 libapache-mod-jk_1.2.37-1+deb7u1.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVbLSGAAoJEAVMuPMTQ89EkjIP/jwLwLbOuENGy5VNoxRknD57 YrtjV+nSZeS75WFy2jr0tNpsoydC4lrPcwlBZj/2NSRgquU9EAXLCzvRKAw9InVw nO14pl2FS5+XV5JrAszNvxrhohBcGXrK7PLM4yEcdajWlKfUoV560FOO2fiMpRaA fVGn/gMOAHnZ3yFuFoVWvCZpJjF+eM8qnqqrZo3BS/tXsT5BS1HsHwyF00Qn6hN4 u2pnAh5jU+NHwjInyEIJ9CfHyublPW0J5+KLR4WwaO8iN0zf/4K99C12GWX9eVYz U9soEeKNH+V6bxnJ0M0SRujy2ZT9JOMK2KAnqqKLejDEIFt6jTaD6+i7AFouTK7r rBvL4M9eFabQiTtTpHc2QosWwG/roIyVdi4Kginc967r7gFQOr4STy9FbQSkpEIG 7XRN697mJJ3lhp1p3FXo+gekLki6B3vfPzuWV+EegFg0i9XvNoxi9aK8VoUkKO56 bKkE7Xj2dHiFHrzR6AgaijfDzcyV23RbLuzUIVxA2VUzoIhcP22DnkaCN19/dnXW dSVaM2Y6lyobibaB/JzRsRdLvX4/mB+sVxkorEVgR9K73efz2G/d09iU1c5SF3UL voSE7SlUlLijEvn9vUhMorW/Rk/zuJo49st3AnqXowtj+ArmcYtWkDsP1pbFx5ip nfiU9/ub6LGeqgbeUR5p =t+aM -----END PGP SIGNATURE----- Changes: libapache-mod-jk (1:1.2.37-1+deb7u1) wheezy-security; urgency=high * Team upload. * Add CVE-2014-8111.patch. (Closes: #783233) It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. - Add option to control handling of multiple adjacent slashes in mount and unmount. New default is collapsing the slashes only in unmount. Before this change, adjacent slashes were never collapsed, so most mounts and unmounts didn't match for URLs with multiple adjacent slashes. - Configuration is done via new JkOption for Apache (values "CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount"). -- Markus Koschany <[email protected]> Sat, 23 May 2015 23:33:30 +0200
