[apache2] 02/02: Merge branch 'jessie-security' into jessie
Stefan Fritsch
sf at moszumanska.debian.org
Thu Jul 21 21:17:48 UTC 2016
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch jessie
in repository apache2.
commit 1bad5e1ba31312c45d6addac163a7ad34dc90dc5
Merge: 4a56dc7 114720a
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Thu Jul 21 23:16:20 2016 +0200
Merge branch 'jessie-security' into jessie
debian/changelog | 11 ++++++++++-
debian/patches/CVE-2016-5387.patch | 17 +++++++++++++++++
debian/patches/series | 1 +
3 files changed, 28 insertions(+), 1 deletion(-)
diff --cc debian/changelog
index f8179b1,2ee2e0f..6a8264f
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,22 -1,12 +1,31 @@@
- apache2 (2.4.10-10+deb8u5) UNRELEASED; urgency=medium
++apache2 (2.4.10-10+deb8u6) UNRELEASED; urgency=medium
+
+ * Fix race condition and logical error in init script. Thanks to Thomas
+ Stangner for the patch. Closes: #822144
+ * Remove links to manpages.debian.org in default index.html to avoid
+ broken robots doing a DoS on the site. Closes: #821313
+ * mod_socache_memcache: Increase idle timeout to 15s to allow keep-alive
+ connections. Closes: #803035
+ * mod_proxy_fcgi: Fix wrong behavior with 304 responses. Closes: #827472
+ * Correct systemd-sysv-generator behavior by customizing some parameters.
+ This fixes 'systemctl status' returning incorrect results.
+ Closes: #827444
+ * mod_proxy_html: Add missing config file mods-available/proxy_html.conf.
+ This is intentionally not enabled during upgrade, to make it less
+ likely to break existing setups. It will be enabled by a a2dismod/a2enmod
+ cycle, though. Closes: #827258
+
+ -- Stefan Fritsch <sf at debian.org> Sat, 28 May 2016 11:23:21 +0200
+
+ apache2 (2.4.10-10+deb8u5) jessie-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * CVE-2016-5387: Sets environmental variable based on user supplied Proxy
+ request header.
+ Don't pass through HTTP_PROXY in server/util_script.c
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Wed, 20 Jul 2016 06:50:37 +0200
+
apache2 (2.4.10-10+deb8u4) jessie; urgency=medium
* Add versioned replaces/breaks for libapache2-mod-macro to apache2,
diff --cc debian/patches/series
index 91a75a4,cdbc019..58eacd9
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -18,5 -18,4 +18,6 @@@ define_restarts.dif
mpm_event_graceful_restart_deadlock.diff
mpm_event_crash.diff
split_logfile-strict.patch
+ CVE-2016-5387.patch
+mod_socache_memcache_idle_timeout.patch
+mod_proxy_fcgi_304_body.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list