This bug was fixed in the package passenger - 2.2.11debian-2+deb6u1ubuntu12.04.2
--------------- passenger (2.2.11debian-2+deb6u1ubuntu12.04.2) precise-security; urgency=medium * REGRESSION UPDATE: Fix for regression introduced in previous CVE-2015-7519 fix. All HTTP headers were dropped from the request which broke all applications. Backport the upstream fix from commit c04590871ca0878d4d3ac1220c5a554b049056b4 for Apache2 only (LP: #1575220) -- Trent Lloyd <trent.ll...@canonical.com> Tue, 05 Jul 2016 00:42:47 +0800 ** Changed in: passenger (Ubuntu) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-7519 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1575220 Title: puppet broken after libapache2-mod-passenger upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/passenger/+bug/1575220/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs