On 09/24/2009 01:24 AM, Graham Leggett wrote: > Hi all, > > The tarballs are (will soon be) at http://httpd.apache.org/dev/dist/. > > This release contains fixes for the following security issues: > > *) SECURITY: CVE-2009-2699 (cve.mitre.org) > Fixed in APR 1.3.9. Faulty error handling in the Solaris > pollset support (Event Port backend) which could trigger > hangs in the prefork and event MPMs on that platform. > PR 47645. [Jeff Trawick] > > *) SECURITY: CVE-2009-3095 (cve.mitre.org) > mod_proxy_ftp: sanity check authn credentials. > [Stefan Fritsch <sf fritsch.de>, Joe Orton] > > *) SECURITY: CVE-2009-3094 (cve.mitre.org) > mod_proxy_ftp: NULL pointer dereference on error paths. > [Stefan Fritsch <sf fritsch.de>, Joe Orton] > > +/-1 > [ ] Release httpd-2.2.14 as GA
+1. Tested prefork, worker, event all gcc with Solaris 8, 9, 10 (SPARC 32Bit) (event not with 8 and 9) RHEL 4, 5 (x86 32 and 64 Bit) OpenSuSE 10.2 32 Bit OpenSuSE 11.1 64 Bit Regards Rüdiger
