As you may have seen on our announce mailing list yesterday, the Apache HTTP Server Project released 2.2.25 yesterday.
This release includes a security fix that is important for Subversion sites using mod_dav_svn to host their repositories. Specifically it includes a fix for the following DoS issue: * SECURITY: CVE-2013-1896 (cve.mitre.org) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. Exploiting this vulnerability does require write access to the repository, so it is a relatively low risk issue. There are no known workarounds available, so the only way to resolve this issue is to upgrade or patch the Apache HTTP server. Also note that at this time there is no Apache HTTP 2.4.x release that includes this fix. We anticipate that the HTTP project will release 2.4.5 soon which we expect to include the fix for those using HTTP 2.4.x. You can download the Apache HTTP 2.2.25 release from: http://httpd.apache.org/download.cgi