httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm MacCárthaigh <c...@allcosts.net>
Subject [VOTE] 1.3.42 release candidate
Date Fri, 08 Jan 2010 12:29:11 GMT
There is a 1.3.42 release candidate for testing, and voting, at;

         http://people.apache.org/~colm/1.3.42/

As per the changes, there are two updates;

 *) SECURITY: CVE-2010-0010 (cve.mitre.org)
     mod_proxy: Prevent chunk-size integer overflow on platforms
     where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.
     [Colm MacCárthaigh

  *) Protect logresolve from mismanaged DNS records that return
     blank/null hostnames. [Jim Jagielski]

Notes;

this is intended as the final release of Apache httpd 1.3, which has
reached end of life. Security updates may continue to be provided by
another means (see the CHANGES file for details).

Apache httpd 1.3's "./configure" script does not work with some
versions of "dash". Please change the hash-bang line to execute a
bourne-compatible shell, such as "/bin/bash" on platforms affected.

Many thanks in advance for your help and testing.

-- 
Colm

Mime
View raw message