[Pkg-apache-commits] r1342 - in /branches/squeeze-apache2: changelog mpm-itk/patches/10-nice.patch

sf at alioth.debian.org sf at alioth.debian.org
Mon Aug 29 18:21:03 UTC 2011 

Author: sf
Date: Mon Aug 29 18:21:03 2011
New Revision: 1342

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1342
Log:
fold in old 2.2.16-6+squeeze1 security release

Modified:
    branches/squeeze-apache2/changelog
    branches/squeeze-apache2/mpm-itk/patches/10-nice.patch

Modified: branches/squeeze-apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/squeeze-apache2/changelog?rev=1342&op=diff
==============================================================================
--- branches/squeeze-apache2/changelog (original)
+++ branches/squeeze-apache2/changelog Mon Aug 29 18:21:03 2011
@@ -1,4 +1,4 @@
-apache2 (2.2.16-6+squeeze1) UNRELEASED; urgency=low
+apache2 (2.2.16-6+squeeze2) UNRELEASED; urgency=low
 
   * Make exit code of '/etc/init.d/apache2 status' more LSB compatible.
     Closes: #613969
@@ -13,6 +13,14 @@
     in the apache2.2-bin package.
 
  -- Stefan Fritsch <sf at debian.org>  Sat, 26 Feb 2011 15:06:38 +0100
+
+apache2 (2.2.16-6+squeeze1) stable-security; urgency=high
+
+  * Fix CVE-2011-1176 in apache2-mpm-itk: If NiceValue was set, the default
+    with no AssignUserID was to run as root:root instead of the default Apache
+    user and group. Closes: #618857
+
+ -- Stefan Fritsch <sf at debian.org>  Tue, 22 Mar 2011 21:44:39 +0100
 
 apache2 (2.2.16-6) unstable; urgency=low
 

Modified: branches/squeeze-apache2/mpm-itk/patches/10-nice.patch
URL: http://svn.debian.org/wsvn/pkg-apache/branches/squeeze-apache2/mpm-itk/patches/10-nice.patch?rev=1342&op=diff
==============================================================================
--- branches/squeeze-apache2/mpm-itk/patches/10-nice.patch (original)
+++ branches/squeeze-apache2/mpm-itk/patches/10-nice.patch Mon Aug 29 18:21:03 2011
@@ -108,7 +108,7 @@
 +static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr)
 +{
 +    itk_per_dir_conf *c = (itk_per_dir_conf *)
-+        apr_pcalloc(p, sizeof(itk_per_dir_conf));
++        itk_create_dir_config(p, NULL);
 +    itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr;
 +    itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr;
 +

More information about the Pkg-apache-commits mailing list