On Jan 8, 2010, at 4:29 AM, Colm MacCárthaigh wrote: > There is a 1.3.42 release candidate for testing, and voting, at; > > http://people.apache.org/~colm/1.3.42/
Not seeing gpg sigs or md5s on the tarballs. Didn't we used to do that back then? S. > As per the changes, there are two updates; > > *) SECURITY: CVE-2010-0010 (cve.mitre.org) > mod_proxy: Prevent chunk-size integer overflow on platforms > where sizeof(int) < sizeof(long). Reported by Adam Zabrocki. > [Colm MacCárthaigh > > *) Protect logresolve from mismanaged DNS records that return > blank/null hostnames. [Jim Jagielski] > > Notes; > > this is intended as the final release of Apache httpd 1.3, which has > reached end of life. Security updates may continue to be provided by > another means (see the CHANGES file for details). > > Apache httpd 1.3's "./configure" script does not work with some > versions of "dash". Please change the hash-bang line to execute a > bourne-compatible shell, such as "/bin/bash" on platforms affected. > > Many thanks in advance for your help and testing. > > -- > Colm > > -- Sander Temme [email protected] PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
smime.p7s
Description: S/MIME cryptographic signature
