[apache2] 02/02: Merge branch 'jessie-security' into jessie

Stefan Fritsch sf at moszumanska.debian.org
Thu Jul 21 21:17:48 UTC 2016 

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch jessie
in repository apache2.

commit 1bad5e1ba31312c45d6addac163a7ad34dc90dc5
Merge: 4a56dc7 114720a
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Thu Jul 21 23:16:20 2016 +0200

    Merge branch 'jessie-security' into jessie

 debian/changelog                   | 11 ++++++++++-
 debian/patches/CVE-2016-5387.patch | 17 +++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --cc debian/changelog
index f8179b1,2ee2e0f..6a8264f
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,22 -1,12 +1,31 @@@
- apache2 (2.4.10-10+deb8u5) UNRELEASED; urgency=medium
++apache2 (2.4.10-10+deb8u6) UNRELEASED; urgency=medium
 +
 +  * Fix race condition and logical error in init script. Thanks to Thomas
 +    Stangner for the patch. Closes: #822144
 +  * Remove links to manpages.debian.org in default index.html to avoid
 +    broken robots doing a DoS on the site. Closes: #821313
 +  * mod_socache_memcache: Increase idle timeout to 15s to allow keep-alive
 +    connections. Closes: #803035
 +  * mod_proxy_fcgi: Fix wrong behavior with 304 responses. Closes: #827472
 +  * Correct systemd-sysv-generator behavior by customizing some parameters.
 +    This fixes 'systemctl status' returning incorrect results.
 +    Closes: #827444
 +  * mod_proxy_html: Add missing config file mods-available/proxy_html.conf.
 +    This is intentionally not enabled during upgrade, to make it less
 +    likely to break existing setups. It will be enabled by a a2dismod/a2enmod
 +    cycle, though. Closes: #827258
 +
 + -- Stefan Fritsch <sf at debian.org>  Sat, 28 May 2016 11:23:21 +0200
 +
+ apache2 (2.4.10-10+deb8u5) jessie-security; urgency=high
+ 
+   * Non-maintainer upload by the Security Team.
+   * CVE-2016-5387: Sets environmental variable based on user supplied Proxy
+     request header.
+     Don't pass through HTTP_PROXY in server/util_script.c
+ 
+  -- Salvatore Bonaccorso <carnil at debian.org>  Wed, 20 Jul 2016 06:50:37 +0200
+ 
  apache2 (2.4.10-10+deb8u4) jessie; urgency=medium
  
    * Add versioned replaces/breaks for libapache2-mod-macro to apache2,
diff --cc debian/patches/series
index 91a75a4,cdbc019..58eacd9
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -18,5 -18,4 +18,6 @@@ define_restarts.dif
  mpm_event_graceful_restart_deadlock.diff
  mpm_event_crash.diff
  split_logfile-strict.patch
+ CVE-2016-5387.patch
 +mod_socache_memcache_idle_timeout.patch
 +mod_proxy_fcgi_304_body.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list