This bug was fixed in the package apache2 - 2.2.15-5ubuntu1
---
apache2 (2.2.15-5ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
- debian/control: Add bzr tag and point it to our tree.
- debian/apache2-2.common.apache2.init: Add graceful restart (LP: #456381)
+ Dropped:
- debian/patches/206-fix-potential-memory-leaks.dpatch: No longer needed.
- debian/patches/206-report-max-client-mpm-worker.dpatch: No longer
needed.
- debian/config-dir/apache2.conf: Merged back from debian.
- mod-reqtimeout functionality: Merge back from debian.
- debian/patches/204_CVE-2010-0408.dpatch: No longer needed.
- debian/patches/205_CVE-2010-0434.dpatch: No longer needed.
- debian/patches/203_fix-ab-segfault.dpatch: No longer needed.
apache2 (2.2.15-5) unstable; urgency=low
* Conflict with apache package as we now include apachectl. Closes: #579065
* Remove conflicts with old apache 2.0 modules. The conflicts are not
necessary anymore as skipping a stable release is not supported anyway.
* Silence the grep in preinst.
apache2 (2.2.15-4) unstable; urgency=low
* Move definition of other_vhosts_access.log to new config file
/etc/apache2/conf.d/other-vhosts-access-log, but disable it
if it has been disabled by the admin. Closes: #576572. LP: #507616
* Comment out the contents of mods-available/proxy.conf, as it just
is a nuisance for use of apache2 as a reverse proxy, which is much
more common than the use as forward proxy. Extend the comments
in the file.
* Change defaults or add example configs for some modules:
status.conf:
- enable ExtendedStatus by default
- enable ProxyStatus by default
- document SeeRequestTail directive
proxy_ftp.conf:
- set 'ProxyFtpDirCharset UTF-8' by default
ldap.conf:
- enable /ldap-status page, allow it from localhost by default
proxy_balancer.conf:
- add (disabled) example for /balancer-manager page
ssl.conf:
- document SSLStrictSNIVHostCheck directive
* Add symlink from apachectl to apache2ctl to be more compatible with
upstream. Apache httpd 1.3 hasn't been in Debian for some time.
* Simplify logrotate script. Closes: #576105
* Remove empty directory /usr/lib/debug/usr/sbin in mpm packages.
Closes: #576089
* Fix apxs2 to work with perl 5.12rc3. Closes: #577239
* Add source/format file to make lintian happy.
apache2 (2.2.15-3) unstable; urgency=low
* mod_reqtimeout: backport bugfixes from upstream trunk up to r928881,
including a fix for mod_proxy CONNECT requests.
* mod_dav_fs: Use correct permissions when creating new files. LP: #540747
apache2 (2.2.15-2) unstable; urgency=low
* Make the Files ~ ^\.ht block in apache2.conf more secure by adding
Satisfy all. Closes: #572075
* mod_reqtimeout: Various bug fixes, including:
- Don't mess up timeouts of mod_proxy's backend connections.
Closes: #573163
apache2 (2.2.15-1) unstable; urgency=low
* New upstream version:
- CVE-2010-0408: mod_proxy_ajp: Fixes denial of service vulnerability
- CVE-2009-3555: mod_ssl: Improve the mitigation against SSL/TLS protocol
prefix injection attack.
- CVE-2010-0434: mod_headers: Fix potential information leak with threaded
MPMs.
- mod_reqtimeout: New module limiting the time waiting for receiving
a request from the client. This is a (partial) mitigation against
slowloris-type resource exhaustion attacks. The module is enabled by
default. Closes: #533661
- mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure
renegotiation with clients which do not yet support the secure
renegotiation protocol. As this requires openssl 0.9.8m, bump
build dependency accordingly.
* Fix bash completion for a2ensite if the site name contains 'conf' or
'load'. Closes: #572232
* Do a configcheck in the init script before doing a non-graceful restart.
Closes: #571461
apache2 (2.2.14-7) unstable; urgency=low
* Fix potential memory leaks related to the usage of apr_brigade_destroy().
* Add hints about correct mod_dav_fs configuration to README.Debian.
Closes: #257945
* Fix error in Polish translation of 404 error page. Closes: #570228
* Document ThreadLimit in apache2.conf's comments.
apache2 (2.2.14-6) unstable; urgency=low
* Use environment variables APACHE_RUN_DIR, APACHE_LOCK_DIR, and
APACHE_LOG_DIR in the default configuration. If you have modified
/etc/apache2/envvars, make sure that these variables are set and exported.
* Add support for multiple apache2 instances to initscript and apache2ctl.
See /usr/share/doc/apache2.2-common/README.multiple-instances for details.
Closes: #353450
* Set default compiled-in ServerRoot to
