From $url: SECURITY: CVE-2010-1623 Fix a denial of service attack against apr_brigade_split_line(). The upstream appears to have tagged 1.3.10 for release.
Stabilize dev-libs/apr-util-1.3.10.
amd64 done
x86 stable
Stable for HPPA.
ppc64 done
ppc done
Stable on alpha.
arm/ia64/s390/sh/sparc stable
GLSA Vote: Yes, remote unauthenticated DoS in a common package.
CVE-2010-1623 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1623): The apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Vote: YES, glsa request filed.
This issue was resolved and addressed in GLSA 201405-24 at http://security.gentoo.org/glsa/glsa-201405-24.xml by GLSA coordinator Sean Amoss (ackle).