2.4.9 released http://mail-archives.apache.org/mod_mbox/httpd-announce/201403.mbox/%3CF590EEF7-7D4F-4ED7-A810-97ED5AA17DCE%40apache.org%3E
Segfaults with truncated cookie logging.
mod_log_config: Prevent segfaults when logging truncated
cookies. Clean up the cookie logging parser to recognize
only the cookie=value pairs, not valueless cookies.
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
+*apache-2.4.9 (18 Mar 2014)
+ 18 Mar 2014; Lars Wendler <email@example.com> -apache-2.4.6-r2.ebuild,
+ Security bump (bug #504990). Removed old.
Patrick, do you know if those vulnerabilities affect 2.2.x too?
Reopening, as according to RHSA about those CVEs, 2.2 branch is also vulnerable
 - https://rhn.redhat.com/errata/RHSA-2014-0369.html
These two CVE's are fixed in the 2.2 branch in 2.2.27, which is currently stable.
Adding to an existing GLSA request.
The log_cookie function in mod_log_config.c in the mod_log_config module in
the Apache HTTP Server before 2.4.8 allows remote attackers to cause a
denial of service (segmentation fault and daemon crash) via a crafted cookie
that is not properly handled during truncation.
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the
Apache HTTP Server before 2.4.8 does not properly remove whitespace
characters from CDATA sections, which allows remote attackers to cause a
denial of service (daemon crash) via a crafted DAV WRITE request.
This issue was resolved and addressed in
GLSA 201408-12 at http://security.gentoo.org/glsa/glsa-201408-12.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).