[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, next, updated. debian/2.2.22-3-233-g72ed328

Arno Töll arno at debian.org
Mon May 28 20:30:16 UTC 2012


The following commit has been merged in the next branch:
commit 72ed3286b71caeef84db2b03a16b232fef6e995c
Merge: 1ae155c52d293367abf14e6257528bb40a002dd0 dee1b6b74eb29fe008ed0a90806de162f91a9c0c
Author: Arno Töll <arno at debian.org>
Date:   Mon May 28 22:29:54 2012 +0200

    Merge branch 'next' of git+ssh://git.debian.org/git/pkg-apache/apache2 into next

diff --combined debian/changelog
index 25c012a,86c3c27..b17f65b
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,10 -1,17 +1,15 @@@
  apache2 (2.4.2-2) experimental; urgency=low
  
 -  * UNRELEASED
 -
    [ Stefan Fritsch ]
    * Explicitly enable mod_authz_core on upgrades. It can happen that it is
      not pulled in by any of the enabled modules, but we need it in any case
      for apache2.conf. Closes: #669876
    * Don't ship the changelogs in the apache2-mpm-itk transitional package.
+   * Make dh_apache2 only accept shell function names as conditional, to avoid
+     problems with shell and sed special characters.
+   * Add Replaces for the old mpm packages to apache2-bin. Closes: #671683
+   * Add transitional package for libapache2-mod-proxy-html. Closes: #666816
+   * Don't ship changelogs in the apache2.2-bin transitional package.
  
    [ Arno Töll ]
    * Add mode lines to various configuration files and scripts. Reformat
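Review bot: The new dh_apache2 entry ("only accept shell function names as conditional") does not say what dh_apache2 does when a package passes a conditional that is no longer accepted, and unlike the neighbouring added entries it carries no Closes: reference. Since the change restricts input to keep shell and sed special characters out, the entry should state the outcome for a rejected value (for example, whether the build fails or the conditional is ignored) so maintainers of packages that use the conditional know what to expect. The added "Don't ship changelogs in the apache2.2-bin transitional package" line could also be folded into the existing apache2-mpm-itk entry a few lines above it.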
@@@ -28,8 -35,30 +33,30 @@@
    * Implement a -r switch for dh_apache2 which allows to force a reload of the
      web server if required.
  
 - -- Arno Töll <arno at debian.org>  Fri, 27 Apr 2012 02:22:58 +0200
 + -- Arno Töll <arno at debian.org>  Mon, 28 May 2012 17:36:03 +0200
  
+ apache2 (2.2.22-5) unstable; urgency=low
+ 
+   * Make LoadFile and LoadModule look in the standard search paths if the
+     dso file name is given as a pure filename. This helps with the multi-arch
+     transition.
+ 
+  -- Stefan Fritsch <sf at debian.org>  Mon, 30 Apr 2012 23:38:33 +0200
+ 
+ apache2 (2.2.22-4) unstable; urgency=high
+ 
+   * CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
+     hosts' config files.
+     If scripting modules like mod_php or mod_rivet are enabled on systems
+     where either 1) some frontend server forwards connections to an apache2
+     backend server on the localhost address, or 2) the machine running
+     apache2 is also used for web browsing, this could allow a remote
+     attacker to execute example scripts stored under /usr/share/doc.
+     Depending on the installed packages, this could lead to issues like cross
+     site scripting, code execution, or leakage of sensitive data.
+ 
+  -- Stefan Fritsch <sf at debian.org>  Sun, 15 Apr 2012 23:41:43 +0200
+ 
  apache2 (2.4.2-1) experimental; urgency=low
  
    * New upstream release
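Review bot: The CVE-2012-0216 entry under 2.2.22-4 says the Alias is removed from the default virtual hosts' config files, but not what happens on installations where those files are already in place, such as locally modified copies. Suggest adding a sentence that tells administrators to check their existing virtual host configuration for "Alias /doc /usr/share/doc" after upgrading. It would also help to note in the 2.4.2-2 entry whether the experimental branch's default virtual hosts carry the same removal, since the lines of that entry visible in this diff do not mention it.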

-- 
Debian packaging for apache2 (Apache HTTPD 2.x)


