This bug was fixed in the package apache2 - 2.2.14-5ubuntu8.15
---------------
apache2 (2.2.14-5ubuntu8.15) lucid-security; urgency=medium
* SECURITY UPDATE: HTTP header replacement via HTTP trailers (LP: #1425141)
- debian/patches/CVE-2013-5704.dpatch: don't merge trailers by default
and add a "MergeTrailers" directive to revert to previous behaviour
to include/http_core.h, include/httpd.h, modules/http/http_filters.c,
modules/http/http_request.c, modules/loggers/mod_log_config.c,
modules/proxy/mod_proxy_http.c, modules/proxy/proxy_util.c,
server/core.c, server/protocol.c.
- CVE-2013-5704
-- Marc Deslauriers <[email protected]> Thu, 05 Mar 2015 12:45:09
-0500
** Changed in: apache2 (Ubuntu Trusty)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1425141
Title:
mod_headers CVE-2013-5704
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1425141/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
