Accepted libapache-mod-jk 1:1.2.37-4+deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 23 May 2015 01:16:37 +0200
Source: libapache-mod-jk
Binary: libapache2-mod-jk libapache-mod-jk-doc
Architecture: source amd64 all
Version: 1:1.2.37-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@gambaru.de>
Description:
libapache-mod-jk-doc - Documentation of libapache2-mod-jk package
libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine
Closes: 783233
Changes:
libapache-mod-jk (1:1.2.37-4+deb8u1) jessie-security; urgency=high
.
* Team upload.
* Add CVE-2014-8111.patch. (Closes: #783233)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount
rule could be ignored. This could allow a remote attacker to potentially
access a private artifact in a tree that would otherwise not be accessible
to them.
- Add option to control handling of multiple adjacent slashes in mount and
unmount. New default is collapsing the slashes only in unmount. Before
this change, adjacent slashes were never collapsed, so most mounts and
unmounts didn't match for URLs with multiple adjacent slashes.
- Configuration is done via new JkOption for Apache
(values "CollapseSlashesAll", "CollapseSlashesNone" or
"CollapseSlashesUnmount").
Checksums-Sha1:
e73308fe64a73c73feb836c3702cab372ef9c8ba 2197 libapache-mod-jk_1.2.37-4+deb8u1.dsc
99e9ba0b2e72b28da7de6b14f103302e7b392a5d 1528647 libapache-mod-jk_1.2.37.orig.tar.gz
8e630adb50c290c2c4e67d7740a6eee27a68a250 13708 libapache-mod-jk_1.2.37-4+deb8u1.debian.tar.xz
19ab786baf24228b1126ab5fb2bb2ff207fb295f 167312 libapache-mod-jk-doc_1.2.37-4+deb8u1_all.deb
Checksums-Sha256:
a2e1023a1515c8214570668898c256d44a10af837c2cef3261fdace69c317759 2197 libapache-mod-jk_1.2.37-4+deb8u1.dsc
38a92623ddd28b85bbf54cf77f4c867ccbebafb71233131471623691e4e751f9 1528647 libapache-mod-jk_1.2.37.orig.tar.gz
3ccedf8dbd4d2e9207fe60bc1933c08cefac21ed8e10da15c96f7b28abf87b9e 13708 libapache-mod-jk_1.2.37-4+deb8u1.debian.tar.xz
20075788fb3c2f065f7701ef8b1ed039a004bf0430ac25159b440daab1a1e208 167312 libapache-mod-jk-doc_1.2.37-4+deb8u1_all.deb
Files:
77484e9e4174767c6fc1796b785f7040 2197 httpd optional libapache-mod-jk_1.2.37-4+deb8u1.dsc
64c3803477b47c5b7ef7f0e4a416e45e 1528647 httpd optional libapache-mod-jk_1.2.37.orig.tar.gz
d175d11f794de7b9f363c75ed077c943 13708 httpd optional libapache-mod-jk_1.2.37-4+deb8u1.debian.tar.xz
f40121d179c7ec9430a6af1a913f7712 167312 doc optional libapache-mod-jk-doc_1.2.37-4+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVbLIvAAoJEAVMuPMTQ89EbbAP/iPvc7VR/OAPK+CvUMi5sKdx
IZyiSnZOFW4um4YvAXe+c+bMNTz2P4sr8Ckjst+x153bH6Mcjs5tw7hqlAlfRLDH
2RsZHcnrHp4vOPf2jvDXLE3qKaPohfY2aMTi7wuVb946YqOaHyQG0aIrxDT0IvbK
Izd5cFgiGr7OIeJRpJGka/oADM4ZaJ3zox1OFin1xvVc2IwWtLxVj0baWipb6k/A
uTGzelEqprE3alQ+KOUq+r4ahVBVrZ6g8pIxfYyTqWyl4QNtuIzqzjxNTMwMWdxE
iz/d9tXizL2xzznAcNrYVUD2yDbIfhngRKr4D9wPtUZBg4QrXPYv1bFQ5TCAkSRZ
nhX60t8Hm8V+Y1ZiueKGhK9jppCYTv91V5ynNhltlNL+GLxXih/SesHru7bKpRKC
m/7ul/J0Y2ueEK/2ng9yxqQGuMXAs3HGoDpqJ2v7MYSU2wvnmA4dqq/FJLu+j/Lc
mzYEAt79YrdFQjP6R1j3VwJEUHT8wujrsSBtlQV0XaF+jmT2uMYpLIvJo1/UKG6K
o5bU2Hn982uHBAj/jJQDASZQQxyzF8rrvgvop0VSkqsXIe5AgAZh/8NJ2x713/fa
n4hxWk375nNVv6K5217r0qtkc7zFNUXAZlJ15Og21xRHdFfSNNm3h+v6sEQTSg1s
zZmM670vmu5vHcyhvOm7
=y4/r
-----END PGP SIGNATURE-----