apr-util is vulnerable to an xml entity bomb, this affects e.g. mod_webdav/svn in apache. See http://milw0rm.com/exploits/8842 http://svn.apache.org/viewvc?rev=781403&view=rev CVE is requested on oss-security.
*** This bug has been marked as a duplicate of bug 272260 ***