Accepted:
Format: 1.8
Date: Sat, 23 May 2015 01:16:37 +0200
Source: libapache-mod-jk
Binary: libapache2-mod-jk libapache-mod-jk-doc
Architecture: source amd64 all
Version: 1:1.2.37-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@gambaru.de>
Description:
 libapache-mod-jk-doc - Documentation of libapache2-mod-jk package
 libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine
Closes: 783233
Changes:
 libapache-mod-jk (1:1.2.37-4+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Add CVE-2014-8111.patch. (Closes: #783233)
     It was discovered that a JkUnmount rule for a subtree of a previous
     JkMount rule could be ignored. This could allow a remote attacker to
     potentially access a private artifact in a tree that would otherwise
     not be accessible to them.
     - Add option to control handling of multiple adjacent slashes in mount
       and unmount. New default is collapsing the slashes only in unmount.
       Before this change, adjacent slashes were never collapsed, so most
       mounts and unmounts didn't match for URLs with multiple adjacent
       slashes.
     - Configuration is done via new JkOption for Apache (values
       "CollapseSlashesAll", "CollapseSlashesNone" or
       "CollapseSlashesUnmount").

Thank you for your contribution to Debian.

This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use debian-j...@lists.debian.org for discussions and questions.
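
An added example, not part of the upload notice and not mod_jk's own code: a simplified Python model of the three modes named in the changelog, showing which request URIs would be forwarded to the backend and which ones slip past an unmount rule. The mount and unmount patterns, the sample URIs and the function names are constructed for illustration, and fnmatch-style wildcards stand in for mod_jk's own pattern matching.

```python
import re
from fnmatch import fnmatchcase

# Mode names are the JkOption values listed in the changelog above.
MODES = ("CollapseSlashesAll", "CollapseSlashesNone", "CollapseSlashesUnmount")

# Constructed sample rules: one mount with an unmounted private subtree.
MOUNTS = ["/app/*"]
UNMOUNTS = ["/app/private/*"]

# Constructed sample request URIs.
SAMPLE_URIS = [
    "/app/index.jsp",
    "/app/private/report.txt",
    "/app//private/report.txt",
    "//app/index.jsp",
]


def collapse(uri):
    """Replace every run of adjacent slashes with a single slash."""
    return re.sub(r"/{2,}", "/", uri)


def forwarded(uri, mode, mounts=MOUNTS, unmounts=UNMOUNTS):
    """Return True if this model would forward the URI to the backend."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    # "All" collapses before both checks, "Unmount" only before the unmount check.
    mount_uri = collapse(uri) if mode == "CollapseSlashesAll" else uri
    unmount_uri = uri if mode == "CollapseSlashesNone" else collapse(uri)
    if not any(fnmatchcase(mount_uri, p) for p in mounts):
        return False
    return not any(fnmatchcase(unmount_uri, p) for p in unmounts)


def unmount_bypasses(uris, mode, mounts=MOUNTS, unmounts=UNMOUNTS):
    """URIs forwarded although their collapsed form falls under an unmount."""
    return [u for u in uris
            if forwarded(u, mode, mounts, unmounts)
            and any(fnmatchcase(collapse(u), p) for p in unmounts)]


if __name__ == "__main__":
    for mode in MODES:
        print(mode)
        for uri in SAMPLE_URIS:
            print(f"  {uri:28} forwarded={forwarded(uri, mode)}")
        print("  unmount bypasses:", unmount_bypasses(SAMPLE_URIS, mode))
```

The same `unmount_bypasses` check can be run over request paths taken from access logs to see whether an unpatched configuration has forwarded requests that an unmount rule was meant to exclude.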