* debian/patches/212_sslinsecurerenegotiation-directive.dpatch: once
openssl gets updated to fix CVE-2009-3555, server renegotiations with
unpatched clients will fail. This patch adds the ability to revert to
the previous unsafe behaviour with a new SSLInsecureRenegotiation
directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
CVE-2009-3555 fix.
-- Marc Deslauriers <email address hidden> Mon, 16 Aug 2010 13:39:40 -0400
This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.18
---------------
apache2 (2.2.8-1ubuntu0.18) hardy-security; urgency=low
* debian/ patches/ 212_sslinsecure renegotiation- directive. dpatch: once gotiation
openssl gets updated to fix CVE-2009-3555, server renegotiations with
unpatched clients will fail. This patch adds the ability to revert to
the previous unsafe behaviour with a new SSLInsecureRene
directive. (LP: #616759)
* debian/control: add specific dependency on first openssl version to get
CVE-2009-3555 fix.
-- Marc Deslauriers <email address hidden> Mon, 16 Aug 2010 13:39:40 -0400