httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: [vote] release httpd-2.2.14?
Date Sun, 27 Sep 2009 00:19:40 GMT


On 09/24/2009 01:24 AM, Graham Leggett wrote:
> Hi all,
> 
> The tarballs are (will soon be) at http://httpd.apache.org/dev/dist/.
> 
> This release contains fixes for the following security issues:
> 
>   *) SECURITY: CVE-2009-2699 (cve.mitre.org)
>      Fixed in APR 1.3.9.  Faulty error handling in the Solaris
>      pollset support (Event Port backend) which could trigger
>      hangs in the prefork and event MPMs on that platform.
>      PR 47645.  [Jeff Trawick]
> 
>   *) SECURITY: CVE-2009-3095 (cve.mitre.org)
>      mod_proxy_ftp: sanity check authn credentials.
>      [Stefan Fritsch <sf fritsch.de>, Joe Orton]
> 
>   *) SECURITY: CVE-2009-3094 (cve.mitre.org)
>      mod_proxy_ftp: NULL pointer dereference on error paths.
>      [Stefan Fritsch <sf fritsch.de>, Joe Orton]
> 
>   +/-1
>   [  ]  Release httpd-2.2.14 as GA

+1.

Tested prefork, worker, event all gcc with

Solaris 8, 9, 10 (SPARC 32Bit) (event not with 8 and 9)
RHEL 4, 5 (x86 32 and 64 Bit)
OpenSuSE 10.2 32 Bit
OpenSuSE 11.1 64 Bit

Regards

Rüdiger
