There is a 1.3.42 release candidate for testing, and voting, at;
http://people.apache.org/~colm/1.3.42/
As per the changes, there are two updates;
*) SECURITY: CVE-2010-0010 (cve.mitre.org)
mod_proxy: Prevent chunk-size integer overflow on platforms
where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.
[Colm MacCárthaigh
*) Protect logresolve from mismanaged DNS records that return
blank/null hostnames. [Jim Jagielski]
Notes;
this is intended as the final release of Apache httpd 1.3, which has
reached end of life. Security updates may continue to be provided by
another means (see the CHANGES file for details).
Apache httpd 1.3's "./configure" script does not work with some
versions of "dash". Please change the hash-bang line to execute a
bourne-compatible shell, such as "/bin/bash" on platforms affected.
Many thanks in advance for your help and testing.
--
Colm
