Hi all, The tarballs are (will soon be) at http://httpd.apache.org/dev/dist/.
This release contains fixes for the following security issues:
*) SECURITY: CVE-2009-2699 (cve.mitre.org)
Fixed in APR 1.3.9. Faulty error handling in the Solaris
pollset support (Event Port backend) which could trigger
hangs in the prefork and event MPMs on that platform.
PR 47645. [Jeff Trawick]
*) SECURITY: CVE-2009-3095 (cve.mitre.org)
mod_proxy_ftp: sanity check authn credentials.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
+/-1
[ ] Release httpd-2.2.14 as GA
Regards,
Graham
--
smime.p7s
Description: S/MIME Cryptographic Signature
