[Pkg-apache-commits] r1163 - in /trunk/apache2: NEWS changelog

sf at alioth.debian.org sf at alioth.debian.org
Sun Mar 7 22:18:20 UTC 2010


Author: sf
Date: Sun Mar  7 22:18:20 2010
New Revision: 1163

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1163
Log:
Add NEWS entry and rearrange changelog

Modified:
    trunk/apache2/NEWS
    trunk/apache2/changelog

Modified: trunk/apache2/NEWS
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/NEWS?rev=1163&op=diff
==============================================================================
--- trunk/apache2/NEWS (original)
+++ trunk/apache2/NEWS Sun Mar  7 22:18:20 2010
@@ -1,3 +1,14 @@
+apache2 (2.2.15-1) unstable; urgency=low
+
+  * This release adds and enables mod_reqtimeout, which limits the time
+    Apache waits for a client to send a complete request. This helps to
+    mitigate against certain denial of service attacks. In case of problems
+    with slow clients, the timeout values can be adjusted in
+    /etc/apache2/mods-available/reqtimeout.conf , or the module can be
+    disabled with "a2dismod reqtimeout".
+
+ -- Stefan Fritsch <sf at debian.org>  Sun, 07 Mar 2010 23:09:30 +0100
+
 apache2 (2.2.14-6) unstable; urgency=low
 
   * Apache now uses the environment variables APACHE_RUN_DIR, APACHE_LOCK_DIR,
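Review bot: the added NEWS line "/etc/apache2/mods-available/reqtimeout.conf , or the module can be" has a stray space before the comma, and the entry tells admins to adjust "the timeout values" without naming the directive or the values shipped by default. Suggest dropping the space and naming the directive (RequestReadTimeout, provided by mod_reqtimeout), so that someone debugging slow clients knows what to look for in that file. The changelog entry in this same commit calls the module a "(partial) mitigation" against slowloris-type attacks, so the NEWS wording "helps to mitigate against certain denial of service attacks" could carry the same qualifier and name the attack class, to avoid overstating the protection.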

Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=1163&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Sun Mar  7 22:18:20 2010
@@ -6,14 +6,14 @@
       prefix injection attack.
     - CVE-2010-0434: mod_headers: Fix potential information leak with threaded
       MPMs.
+    - mod_reqtimeout: New module limiting the time waiting for receiving
+      a request from the client. This is a (partial) mitigation against
+      slowloris-type resource exhaustion attacks. The module is enabled by
+      default. Closes: #533661
     - mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure
       renegotiation with clients which do not yet support the secure
       renegotiation protocol. As this requires openssl 0.9.8m, bump
       build dependency accordingly.
-    - mod_reqtimeout: New module limiting the time waiting for receiving
-      a request from the client. This is a (partial) mitigation against
-      slowloris-type resource exhaustion attacks. The module is enabled by
-      default. Closes: #533661
   * Fix bash completion for a2ensite if the site name contains 'conf' or
     'load'. Closes: #572232
   * Do a configcheck in the init script before doing a non-graceful restart.
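Review bot: the unchanged context line "mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure", directly below the moved mod_reqtimeout entry, still reads "to allows". Since this commit is already tidying this block, fix it to "to allow" in the same change. The log message says only "rearrange changelog", and the move places the mod_reqtimeout entry after the CVE-2010-0434 entry and before mod_ssl; a few words in the log on the intended ordering would help later readers of the history.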



