Graham Leggett schrieb: > Hi all, > > The tarballs are (will soon be) at http://httpd.apache.org/dev/dist/. > > This release contains fixes for the following security issues: > > *) SECURITY: CVE-2009-2699 (cve.mitre.org) > Fixed in APR 1.3.9. Faulty error handling in the Solaris > pollset support (Event Port backend) which could trigger > hangs in the prefork and event MPMs on that platform. > PR 47645. [Jeff Trawick] > > *) SECURITY: CVE-2009-3095 (cve.mitre.org) > mod_proxy_ftp: sanity check authn credentials. > [Stefan Fritsch <sf fritsch.de>, Joe Orton] > > *) SECURITY: CVE-2009-3094 (cve.mitre.org) > mod_proxy_ftp: NULL pointer dereference on error paths. > [Stefan Fritsch <sf fritsch.de>, Joe Orton] > > +/-1 > [ ] Release httpd-2.2.14 as GA +1 for NetWare - no regressions; builds ok; runs fine also with PHP, Perl, mod_jk ...
Gün.
