Hi,
I have downloaded and built Apache-2.2.14, using the bundled apr-1.3.9.
On x86 Solaris I am seeing bad behaviour which looks very like what is
described in https://issues.apache.org/bugzilla/show_bug.cgi?id=48029
(and maybe also https://issues.apache.org/bugzilla/show_bug.cgi?id=48030).
As far as I can see, these bugs are fixed in apr-1.3.10, but I can't
find a release schedule for that.
I also notice that the APR download page quotes apr-1.3.8 as the best
available version, rather than the apr-1.3.9 that is bundled with
apache-2.2.14.
So, a bit confused here. The reason I'm building Apache at all is to
get a fix for this vulnerability -
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2699 - which
says that it affects apr-1.3.8 and earlier. But apr-1.3.9 is apparently
broken as well, as discussed above, and I can't find a release schedule
for apr-1.3.10.
How should I best proceed?
--
Bill Weir
Sun Microsystems, Inc.