httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: [vote] release httpd-2.2.14?
Date Fri, 25 Sep 2009 17:25:40 GMT
I'll wait until we know that APR 1.3.9 is OK :)

On Sep 23, 2009, at 7:24 PM, Graham Leggett wrote:

> Hi all,
>
> The tarballs are (will soon be) at http://httpd.apache.org/dev/dist/.
>
> This release contains fixes for the following security issues:
>
>  *) SECURITY: CVE-2009-2699 (cve.mitre.org)
>     Fixed in APR 1.3.9.  Faulty error handling in the Solaris
>     pollset support (Event Port backend) which could trigger
>     hangs in the prefork and event MPMs on that platform.
>     PR 47645.  [Jeff Trawick]
>
>  *) SECURITY: CVE-2009-3095 (cve.mitre.org)
>     mod_proxy_ftp: sanity check authn credentials.
>     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
>
>  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
>     mod_proxy_ftp: NULL pointer dereference on error paths.
>     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
>
>  +/-1
>  [  ]  Release httpd-2.2.14 as GA
>
> Regards,
> Graham
> --


Mime
View raw message