apache 2.0.53 is out. Two security fixes: <snip> *) SECURITY: CAN-2004-0942 (cve.mitre.org) Fix for memory consumption DoS in handling of MIME folded request headers. [Joe Orton] *) SECURITY: CAN-2004-0885 (cve.mitre.org) mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be bypassed during an SSL renegotiation. PR 31505. [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton] </snip>
Both of these are Patched by the current ebuild. This is not a security issue.
Re #1: Fixed in net-www/apache-2.0.52-r2 or r3? Because r3 is in package.mask isn't it?
Nevermind. I didn't realize these bugs were from September.
The fixes for the the CAN's mentioned are applied to >=apache-2.0.52-r1.
Bumped in CVS.