Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 May 2015 23:33:30 +0200 Source: libapache-mod-jk Binary: libapache2-mod-jk libapache-mod-jk-doc Architecture: source amd64 all Version: 1:1.2.37-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@gambaru.de> Description: libapache-mod-jk-doc - Documentation of libapache2-mod-jk package libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine Closes: 783233 Changes: libapache-mod-jk (1:1.2.37-1+deb7u1) wheezy-security; urgency=high . * Team upload. * Add CVE-2014-8111.patch. (Closes: #783233) It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. - Add option to control handling of multiple adjacent slashes in mount and unmount. New default is collapsing the slashes only in unmount. Before this change, adjacent slashes were never collapsed, so most mounts and unmounts didn't match for URLs with multiple adjacent slashes. - Configuration is done via new JkOption for Apache (values "CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount"). Checksums-Sha1: acc483a8e6ff8ee1feafe877ef1b1795874fbda0 2176 libapache-mod-jk_1.2.37-1+deb7u1.dsc cf5e40ca23c9748adbd150efa7d1a64b8ecd2124 14967 libapache-mod-jk_1.2.37-1+deb7u1.debian.tar.gz 56d0961c527b8d8e722729317a16a4183acb6bf6 173826 libapache2-mod-jk_1.2.37-1+deb7u1_amd64.deb 372e1e6650c5aa0344e1ffd3978a3b8373bbec7d 216000 libapache-mod-jk-doc_1.2.37-1+deb7u1_all.deb Checksums-Sha256: 40d06a33c2e017393fe2daabea6d0855f298076d4af894361c6c38f2dc912502 2176 libapache-mod-jk_1.2.37-1+deb7u1.dsc d2dfa1fe7e6b847ef4bdb95f0e7036bbfb25dd235b1bbf57fab3a54925478220 14967 libapache-mod-jk_1.2.37-1+deb7u1.debian.tar.gz be88b82a93ff691975e3fe491ab1a6dc56bc25c894fc6d1def89c193c80b4e65 173826 libapache2-mod-jk_1.2.37-1+deb7u1_amd64.deb c306561370fbe8204fe55f2f1c04be8d7d9f89c3a7a38fb9f10aa84634d8df77 216000 libapache-mod-jk-doc_1.2.37-1+deb7u1_all.deb Files: 108b6be8e6928d43d7bb47fb2d597230 2176 httpd optional libapache-mod-jk_1.2.37-1+deb7u1.dsc 229b7cc7e92d979429066877a6f1daee 14967 httpd optional libapache-mod-jk_1.2.37-1+deb7u1.debian.tar.gz 05f6fcf891f35cd49942c06b2a8e9afd 173826 httpd optional libapache2-mod-jk_1.2.37-1+deb7u1_amd64.deb dc94242db1ecc82c47a419175a235753 216000 doc optional libapache-mod-jk-doc_1.2.37-1+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVbLSNAAoJEAVMuPMTQ89EDpYP/0ODpHVpxNUQVr5ZruNGsffn hFICr/kVOiO4BxgNM5U1rg4bqIAoz8wpPTvlWkXg6AOjsgKtp+KybhDE7W6Kyl7X 87XsZ1uuSHdSobVG1pGtmewLLkCt6aHXI2zhgrc9n0JuC9AA+R/Wwt7QCHmGZ2hh 2ISXjvL11AXFCvwFehHuABvfX0fM80MFW74ELkvibuDiQ8q0g+o1CPQOi+iaBlef RHTpb6FuynTs+G2Ixqcz8kNcKXO3+QrjIFoPnXHySS6viJBYU8kvo+7ZctaAGHbW NHBKHLcZTE+C9kkBskRqkQNGIwx2vAEVutz3C9iycVcxAJCp8L95CCSp6RjumFT2 SmPnutiElG7OKOmTQ88JfS1HBsFLZXdGSg98NR/v6DK2gg1/TWUzE7l05abU4Nfe SiYo83LEhmIzbWF19NJmvcat1PRSFEt1M0jnbgmP4+qg31sy1ThEPw2TPuRhs0Gx fQYTNJR2ZzPmwr+AFnhNt36z3lbLVP7PNnQRjmpkVekhEG3dyq7LBJgd+IF1MW7a wXFv5T54VPRmkxDloBv7oweu/cM3cSBxC+455SF4l+V159WrPLG8+RnpG3/PPDLB K5B4i2+1fOPUK9NBovkgvlSSnDchOjEU5Q0CMWGGokfY/QlKzQsZYX7T869vg0Mb ukIFCHBSPDGHJz1Z7eZH =Pczb -----END PGP SIGNATURE----- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.