Fix a denial of service attack against apr_brigade_split_line().
The upstream appears to have tagged 1.3.10 for release.
Stable for HPPA.
Stable on alpha.
GLSA Vote: Yes, remote unauthenticated DoS in a common package.
The apr_brigade_split_line function in buckets/apr_brigade.c in the
Apache Portable Runtime Utility library (aka APR-util) before 1.3.10,
as used in the mod_reqtimeout module in the Apache HTTP Server and
other software, allows remote attackers to cause a denial of service
(memory consumption) via unspecified vectors.
Vote: YES, glsa request filed.
This issue was resolved and addressed in
GLSA 201405-24 at http://security.gentoo.org/glsa/glsa-201405-24.xml
by GLSA coordinator Sean Amoss (ackle).