There is a 1.3.42 release candidate for testing, and voting, at; http://people.apache.org/~colm/1.3.42/
As per the changes, there are two updates; *) SECURITY: CVE-2010-0010 (cve.mitre.org) mod_proxy: Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long). Reported by Adam Zabrocki. [Colm MacCárthaigh *) Protect logresolve from mismanaged DNS records that return blank/null hostnames. [Jim Jagielski] Notes; this is intended as the final release of Apache httpd 1.3, which has reached end of life. Security updates may continue to be provided by another means (see the CHANGES file for details). Apache httpd 1.3's "./configure" script does not work with some versions of "dash". Please change the hash-bang line to execute a bourne-compatible shell, such as "/bin/bash" on platforms affected. Many thanks in advance for your help and testing. -- Colm