This bug was fixed in the package apache2 - 2.2.14-5ubuntu1 --------------- apache2 (2.2.14-5ubuntu1) lucid; urgency=low
* Merge from debian testing. Remaining changes: LP: #506862 - debian/{control, rules}: Enable PIE hardening. - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles. - debian/control: Add bzr tag and point it to our tree. apache2 (2.2.14-5) unstable; urgency=low * Security: Further mitigation for the TLS renegotation attack (CVE-2009-3555): Disable keep-alive if parts of the next request have already been received when doing a renegotiation. This defends against some request splicing attacks. * Print a useful error message if 'apache2ctl status' fails. Add a comment to /etc/apache2/envvars on how to change the options for www-browser. Closes: #561496, #272069 * Improve function to detect apache2 pid in init-script (closes: #562583). * Add hint README.Debian on how to pass auth info to CGI scripts. Closes: #483219 * Re-introduce objcopy magic to avoid dangling symlinks to the debug info in the mpm packages. Closes: #563278 * Make apxs2 use a2enmod and /etc/apache2/mods-available. Closes: #470178, LP: #500703 * Point to README.backtrace in apache2-dbg's description. * Use more debhelper functions to simplify debian/rules. * Add misc-depends to various packages to make lintian happy. * Change build-dep from libcap2-dev to libcap-dev because of package rename. -- Bhavani Shankar <right2bh...@gmail.com> Wed, 13 Jan 2010 14:28:41 +0530 ** Changed in: apache2 (Ubuntu) Status: Triaged => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-3555 -- apxs failure regarding httpd.conf and LoadModule https://bugs.launchpad.net/bugs/500703 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs