Return-Path: 
 <dev-return-65920-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 60608 invoked from network); 24 Sep 2009 22:12:31 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 24 Sep 2009 22:12:31 -0000
Received: (qmail 42283 invoked by uid 500); 24 Sep 2009 22:12:30 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 42188 invoked by uid 500); 24 Sep 2009 22:12:30 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 42179 invoked by uid 99); 24 Sep 2009 22:12:30 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Sep 2009 22:12:30 +0000
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [194.242.35.75] (HELO dns-factory.at) (194.242.35.75)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Sep 2009 22:12:20 +0000
Received: from [172.17.100.14] apache@gknw.net [84.63.2.111]
	by dns-factory.at with NetMail SMTP Agent $Revision: 8582 $ on Novell NetWare
	via secured & encrypted transport (TLS);
	Fri, 25 Sep 2009 00:11:47 +0200
Message-ID: <4ABBEEA1.3070203@apache.org>
Date: Fri, 25 Sep 2009 00:11:45 +0200
From: Guenter Knauf <fuankg@apache.org>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: [vote] release httpd-2.2.14?
References: <4ABAAE16.5040907@sharp.fm>
In-Reply-To: <4ABAAE16.5040907@sharp.fm>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org

Graham Leggett schrieb:
> Hi all,
>=20
> The tarballs are (will soon be) at http://httpd.apache.org/dev/dist/.
>=20
> This release contains fixes for the following security issues:
>=20
>   *) SECURITY: CVE-2009-2699 (cve.mitre.org)
>      Fixed in APR 1.3.9.  Faulty error handling in the Solaris
>      pollset support (Event Port backend) which could trigger
>      hangs in the prefork and event MPMs on that platform.
>      PR 47645.  [Jeff Trawick]
>=20
>   *) SECURITY: CVE-2009-3095 (cve.mitre.org)
>      mod_proxy_ftp: sanity check authn credentials.
>      [Stefan Fritsch <sf fritsch.de>, Joe Orton]
>=20
>   *) SECURITY: CVE-2009-3094 (cve.mitre.org)
>      mod_proxy_ftp: NULL pointer dereference on error paths.
>      [Stefan Fritsch <sf fritsch.de>, Joe Orton]
>=20
>   +/-1
>   [  ]  Release httpd-2.2.14 as GA
+1 for NetWare - no regressions;
builds ok; runs fine also with PHP, Perl, mod_jk ...

G=FCn.