A new Apache version is available, which fixes CVE-2015-3183, CVE-2015-3185, CVE-2015-0253, CVE-2015-0228, gives better default recommended SSLCipherSuite and SSLProxyCipherSuite, contains Event MPM improvements, and adds support for the CGIPassAuth directive.
For the complete list, read http://www.apachelounge.com/Changelog-2.4.html
Sources can be found here: http://archive.apache.org/dist/httpd/httpd-2.4.16.tar.bz2
Sorry, accidentally linked the changelog from apachelounge; the ASF changelog can be seen here: http://www.apache.org/dist/httpd/CHANGES_2.4.16
The ebuild used for 2.4.12-r1 seems to work without problems for 2.4.16, without modifications.
+*apache-tools-2.4.16 (16 Jul 2015)
+ 16 Jul 2015; Lars Wendler <email@example.com>
+ apache-tools-2.4.12.ebuild, +apache-tools-2.4.16.ebuild:
+ Version bump (bug #554948). Slightly tweaked openssl dependency.
+*apache-2.4.16 (16 Jul 2015)
+ 16 Jul 2015; Lars Wendler <firstname.lastname@example.org> +apache-2.4.16.ebuild:
+ Version bump (bug #554948).
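Review bot: The apache-tools entry's "Slightly tweaked openssl dependency" does not say what the dependency was changed to, and its file list names apache-tools-2.4.12.ebuild without a leading "+", so an existing ebuild was touched alongside the bump. Suggest stating the actual dependency change and whether it applies to 2.4.12, 2.4.16 or both. Neither entry marks the bump as security-relevant beyond the bug number; adding "security" or the CVE reference to the "Version bump (bug #554948)" lines would make that visible to anyone reading the ChangeLog alone.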
No stabilization planned yet.
Vulnerable versions are gone from the tree.
Added to existing GLSA.
This issue was resolved and addressed in
GLSA 201610-02 at https://security.gentoo.org/glsa/201610-02
by GLSA coordinator Kristian Fiskerstrand (K_F).