This could cause a Denial of Service and under certain circumstances cause arbitrary code execution. A fix is available here: http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=108687304202140
The patch hasnt made it into upstream yet...still waiting. chuck
Patch has been added and version bumped. Please have other arches test. web-apps herd should have to be notified about apache bugs. Thanks chuck
x86 ppc sparc mips alpha hppa amd64 ia64: please mark stable
Stable on alpha.
Stable on sparc
Stable on mips
Stable on x86.
Stable on hppa.
GLSA is ready. ppc, amd64: please mark stable so it can go out :)
Stable on ppc too
Stable on amd64. Sorry for the delay.
GLSA 200406-16