Apache httpd 2.2.9 was released. It's bugfix release, some bugs are sequrity related. Reproducible: Always Steps to Reproduce:
*) SECURITY: CVE-2008-2364 (cve.mitre.org) mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem, Joe Orton, Jim Jagielski] *) SECURITY: CVE-2007-6420 (cve.mitre.org) mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface. [Joe Orton]
Eh, assign...
2.2.9 in cvs, ready for stabilization
Arches, please test and mark stable: =www-servers/apache-2.2.9 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release s390 sh sparc x86"
ppc stable
Stable for HPPA.
x86 stable
amd64 stable
alpha/ia64/sparc stable
ppc64 done
Fixed in release snapshot.
GLSA 200807-06