I didn't see an open security bug for them, apache 2.2.12 (which is already in tree, but ~) contains a couple of minor security-issues. From http://httpd.apache.org/security/vulnerabilities_22.html: important: mod_proxy reverse proxy DoS CVE-2009-1890 important: mod_proxy_ajp information disclosure CVE-2009-1191 low: mod_deflate DoS CVE-2009-1891 low: AllowOverride Options handling bypass CVE-2009-1195 The apr-related issues probably don't affect us, cause we're not using the bundled apr/apr-util.
We already fixed everything with .11 backports. :) [17:30:50] <rbubot> a3li: * CVE-2009-1890 has bug 276426 [17:30:59] <rbubot> a3li: * CVE-2009-1191 has bug 268154 [17:31:11] <rbubot> a3li: * CVE-2009-1891 has bug 276792 [17:31:19] <rbubot> a3li: * CVE-2009-1195 has bug 271470 [17:32:50] <rbubot> a3li: * CVE-2009-1955 has bug 272260 [17:32:57] <rbubot> a3li: * CVE-2009-0023 has bug 274193 [17:32:42] <rbubot> a3li: * CVE-2009-1956 has bug 268643