httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <scte...@apache.org>
Subject Re: [VOTE] 1.3.42 release candidate
Date Fri, 08 Jan 2010 17:41:50 GMT

On Jan 8, 2010, at 4:29 AM, Colm MacCárthaigh wrote:

> There is a 1.3.42 release candidate for testing, and voting, at;
> 
>         http://people.apache.org/~colm/1.3.42/

Not seeing gpg sigs or md5s on the tarballs.  Didn't we used to do that back then? 

S.

> As per the changes, there are two updates;
> 
> *) SECURITY: CVE-2010-0010 (cve.mitre.org)
>     mod_proxy: Prevent chunk-size integer overflow on platforms
>     where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.
>     [Colm MacCárthaigh
> 
>  *) Protect logresolve from mismanaged DNS records that return
>     blank/null hostnames. [Jim Jagielski]
> 
> Notes;
> 
> this is intended as the final release of Apache httpd 1.3, which has
> reached end of life. Security updates may continue to be provided by
> another means (see the CHANGES file for details).
> 
> Apache httpd 1.3's "./configure" script does not work with some
> versions of "dash". Please change the hash-bang line to execute a
> bourne-compatible shell, such as "/bin/bash" on platforms affected.
> 
> Many thanks in advance for your help and testing.
> 
> -- 
> Colm
> 
> 



-- 
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




Mime
View raw message