release of 2.2.20 for 10.10 LTS

Asked by Peter Lemieux on 2011-09-02

When might we see a release of Apache 2,2,20 with the fix for the range denial-of-service attack?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

The release announcement is here: http://www.apache.org/dist/httpd/Announcement2.2.html

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu apache2 Edit question
Assignee:
No assignee Edit question
Last query:
2011-09-02
Last reply:
2011-09-03
mycae (mycae) said : #1

This doesn't answer your question, but debian has already a fix for their deb,
http://security-tracker.debian.org/tracker/CVE-2011-3192

and the ubuntu bug is here:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/837991

mycae (mycae) said : #2

Looks like there has been a fix uploaded.
http://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.2.17-1ubuntu1.2/changelog
http://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.3/changelog

The updated package should be available on the -updates servers. It may take a little time for your mirror to be updated

Can you help with this problem?

Provide an answer of your own, or ask Peter Lemieux for more information if necessary.

To post a message you must log in.