-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 05 Oct 2009 19:07:08 +0200 Source: apache2 Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg Architecture: amd64 Version: 2.2.9-10+lenny5 Distribution: stable Urgency: low Maintainer: amd64 Build Daemon (brahms) Changed-By: Stefan Fritsch Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-src - Apache source code apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-common - Apache HTTP Server common files Closes: 517089 524268 528951 537665 545951 Changes: apache2 (2.2.9-10+lenny5) stable; urgency=low . * Minor security fixes in mod_proxy_ftp (closes: #545951): - DoS by malicious ftp server (CVE-2009-3094) - missing input sanitization: a user could execute arbitrary ftp commands on the backend ftp server (CVE-2009-3095) * Fix segfault in legacy ap_r* API which is triggered more often since the fix for CVE-2009-1891 was applied (closes: #537665). * Take care to not override existing index.shtml files when upgrading from before 2.2.8-1 (closes: #517089). * mod_deflate: Fix invalid etag to be emitted for on-the-fly gzip content-encoding. This prevented apache from sending "304 NOT MODIFIED" responses for compressed content. * mod_rewrite: Fix "B" flag breakage (closes: #524268) * Properly declare that apache2-suexec* replace files in old versions of apache2.2-common (closes: #528951). * Remove other_vhosts_access.log on package purge. Checksums-Sha1: 56a95f66f61663871e191160aa2da091f87cd25e 814520 apache2.2-common_2.2.9-10+lenny5_amd64.deb 47642abda2b8a8256b3f9e9f06c67fff10fc13cc 257794 apache2-mpm-worker_2.2.9-10+lenny5_amd64.deb 6172ff90612227d9a983813c489bad2348811ed4 253692 apache2-mpm-prefork_2.2.9-10+lenny5_amd64.deb ade42cd943e39c3873a60bbefc28939839ed3883 258326 apache2-mpm-event_2.2.9-10+lenny5_amd64.deb 4968a213d43ef40205444a998665b6eda4f0805e 145022 apache2-utils_2.2.9-10+lenny5_amd64.deb 9e87512c7a83fa05eda7360ea18fd91d34b38aa6 82482 apache2-suexec_2.2.9-10+lenny5_amd64.deb d1b20968fd8799fa377bdd2d5cb71c4bf3a724a8 84178 apache2-suexec-custom_2.2.9-10+lenny5_amd64.deb c88e17bdcf22cf788f35bf6ccef7015286f6c559 208692 apache2-prefork-dev_2.2.9-10+lenny5_amd64.deb d4ce462dc144cdab3c315253d43aef9076476da6 209668 apache2-threaded-dev_2.2.9-10+lenny5_amd64.deb b1e612452c796414a29cde5d843cb567f49cc4f5 2462778 apache2-dbg_2.2.9-10+lenny5_amd64.deb Checksums-Sha256: f547729afd03cf41f47a43d442645cd5503d524cb860b93a330480c234966dc9 814520 apache2.2-common_2.2.9-10+lenny5_amd64.deb adea6f3b8f743207faed342b725788b74d0eed0286e8b4a8a95293c1d16d9528 257794 apache2-mpm-worker_2.2.9-10+lenny5_amd64.deb d8021d9dd184b204545ee51c5fa93b167cd03b9cf8c5e1cce2a4dbcc17115e4f 253692 apache2-mpm-prefork_2.2.9-10+lenny5_amd64.deb 2842619ba36c25dd3800a92ac71b37f5a1b3b8cf40fd44ffd4776aa6afc22c64 258326 apache2-mpm-event_2.2.9-10+lenny5_amd64.deb 17290cdca3163606450de9670ffe04ae5a982824b7ab012f91e0b76ea8a6c0c2 145022 apache2-utils_2.2.9-10+lenny5_amd64.deb 7895b1ca2b8c3860384f01d91a04e17cf14c10eda3c10bfe6826b58baf30c221 82482 apache2-suexec_2.2.9-10+lenny5_amd64.deb 8664366a53da689e56315d5809d83fa4da8f70aed42f4aaa0dc37f28d5fd1661 84178 apache2-suexec-custom_2.2.9-10+lenny5_amd64.deb be3d5f7398f65d2a6a94f4469c895998a0e2720369301377cadfd93bee704db8 208692 apache2-prefork-dev_2.2.9-10+lenny5_amd64.deb 33b78879f9f4fc1edcb223d6e53c9a48e48ed78a7f5c84d329b8a6eb29ad7608 209668 apache2-threaded-dev_2.2.9-10+lenny5_amd64.deb 22641bba31de29bb605a016486dd0bf3b925d5cd56db4f9911c830237ae3f735 2462778 apache2-dbg_2.2.9-10+lenny5_amd64.deb Files: be5ffc8b6467a9e8cf834f0483119804 814520 web optional apache2.2-common_2.2.9-10+lenny5_amd64.deb 3424a5e2546c636416fd577b0264337d 257794 web optional apache2-mpm-worker_2.2.9-10+lenny5_amd64.deb f478fa3637504a69151199a8e43a5318 253692 web optional apache2-mpm-prefork_2.2.9-10+lenny5_amd64.deb d4649e2face33c3683e2610b63a597e9 258326 web optional apache2-mpm-event_2.2.9-10+lenny5_amd64.deb bb65b92bc6dcfc15a02c73907d836c2b 145022 web optional apache2-utils_2.2.9-10+lenny5_amd64.deb 2ab18f06855f8ce556d158a39c4f2737 82482 web optional apache2-suexec_2.2.9-10+lenny5_amd64.deb d8e387c1bfd04afa5841c4b01c043660 84178 web extra apache2-suexec-custom_2.2.9-10+lenny5_amd64.deb 5bd674be69049b625026303f7de37d5c 208692 devel extra apache2-prefork-dev_2.2.9-10+lenny5_amd64.deb dec03cd86375b033efed3167e29f8641 209668 devel extra apache2-threaded-dev_2.2.9-10+lenny5_amd64.deb eb24bee13e479c288911428521cc5066 2462778 libdevel extra apache2-dbg_2.2.9-10+lenny5_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkrZIL0ACgkQ6n7So0GVSSA/eQCggYRUEDP1TstpSR0RqMRMuv9X 2yoAoJfTG9Uky+uH10EAaE45u74tQDHt =fg2P -----END PGP SIGNATURE-----