Since there is no specific reference to the fix for CVE-2009-2699 in the APR change history or elsewhere, can someone (hello Jeff) confirm that the patch referenced here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=47645#c13 is a sufficient fix for the vulnerability? Regards, Joe
