-
passenger (2.2.11debian-2+deb6u1ubuntu12.04.2) precise-security; urgency=medium
* REGRESSION UPDATE: Fix for regression introduced in previous
CVE-2015-7519 fix. All HTTP headers were dropped from the
request which broke all applications. Backport the upstream
fix from commit c04590871ca0878d4d3ac1220c5a554b049056b4 for
Apache2 only (LP: #1575220)
-- Trent Lloyd <email address hidden> Tue, 05 Jul 2016 00:42:47 +0800
-
passenger (2.2.11debian-2+deb6u1ubuntu12.04.1) precise-security; urgency=medium
* fake sync from Debian
passenger (2.2.11debian-2+deb6u1) squeeze-lts; urgency=high
* Non-maintainer upload by the Squeeze LTS Team.
* CVE-2015-7519
agent/Core/Controller/SendRequest.cpp in Phusion Passenger
before 4.0.60 and 5.0.x before 5.0.22, when used in Apache
integration mode or in standalone mode without a filtering
proxy, allows remote attackers to spoof headers passed to
applications by using an _ (underscore) character instead
of a - (dash) character in an HTTP header, as demonstrated
by an X_User header.
-- Steve Beattie <email address hidden> Mon, 25 Apr 2016 16:38:03 -0700
-
passenger (2.2.11debian-2) unstable; urgency=low
[Laurent Arnoud]
* Team upload.
* Bump Standards version to 3.9.1 (no changes).
[Evgeni Golov]
* Correctly install docs in passenger-doc (Closes: #599024)
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 15 Oct 2010 09:53:20 +0000
