httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject [vote] release httpd-2.2.14?
Date Wed, 23 Sep 2009 23:24:06 GMT
Hi all,

The tarballs are (will soon be) at http://httpd.apache.org/dev/dist/.

This release contains fixes for the following security issues:

  *) SECURITY: CVE-2009-2699 (cve.mitre.org)
     Fixed in APR 1.3.9.  Faulty error handling in the Solaris
     pollset support (Event Port backend) which could trigger
     hangs in the prefork and event MPMs on that platform.
     PR 47645.  [Jeff Trawick]

  *) SECURITY: CVE-2009-3095 (cve.mitre.org)
     mod_proxy_ftp: sanity check authn credentials.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
     mod_proxy_ftp: NULL pointer dereference on error paths.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

  +/-1
  [  ]  Release httpd-2.2.14 as GA

Regards,
Graham
--

Mime
View raw message