This could cause a Denial of Service and under certain circumstances cause arbitrary code execution.
A fix is available here:
The patch hasnt made it into upstream yet...still waiting.
Patch has been added and version bumped. Please have other arches test. web-apps herd should have to be notified about apache bugs.
x86 ppc sparc mips alpha hppa amd64 ia64: please mark stable
Stable on alpha.
Stable on sparc
Stable on mips
Stable on x86.
Stable on hppa.
GLSA is ready.
ppc, amd64: please mark stable so it can go out :)
Stable on ppc too
Stable on amd64. Sorry for the delay.