httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject [vote] release httpd-2.2.14?
Date Wed, 23 Sep 2009 23:24:06 GMT
Hi all,

The tarballs are (will soon be) at

This release contains fixes for the following security issues:

  *) SECURITY: CVE-2009-2699 (
     Fixed in APR 1.3.9.  Faulty error handling in the Solaris
     pollset support (Event Port backend) which could trigger
     hangs in the prefork and event MPMs on that platform.
     PR 47645.  [Jeff Trawick]

  *) SECURITY: CVE-2009-3095 (
     mod_proxy_ftp: sanity check authn credentials.
     [Stefan Fritsch <sf>, Joe Orton]

  *) SECURITY: CVE-2009-3094 (
     mod_proxy_ftp: NULL pointer dereference on error paths.
     [Stefan Fritsch <sf>, Joe Orton]

  [  ]  Release httpd-2.2.14 as GA


View raw message