From owner-freebsd-apache@FreeBSD.ORG  Tue Oct 19 21:38:32 2010
Return-Path: <owner-freebsd-apache@FreeBSD.ORG>
Delivered-To: apache@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BA508106566C
	for <apache@FreeBSD.org>; Tue, 19 Oct 2010 21:38:32 +0000 (UTC)
	(envelope-from pgollucci@p6m7g8.com)
Received: from cell.p6m7g8.net (static-71-178-236-107.washdc.fios.verizon.net
	[71.178.236.107])
	by mx1.freebsd.org (Postfix) with ESMTP id 6A79D8FC22
	for <apache@FreeBSD.org>; Tue, 19 Oct 2010 21:38:31 +0000 (UTC)
Received: from philip.hq.rws (wsip-174-79-184-239.dc.dc.cox.net
	[174.79.184.239]) (authenticated bits=0)
	by cell.p6m7g8.net (8.14.4/8.14.3) with ESMTP id o9JLcU3a089768
	(version=TLSv1/SSLv3 cipher=DHE-DSS-CAMELLIA256-SHA bits=256 verify=NO)
	for <apache@FreeBSD.org>; Tue, 19 Oct 2010 21:38:30 GMT
	(envelope-from pgollucci@p6m7g8.com)
Message-ID: <4CBE0FD6.9030907@p6m7g8.com>
Date: Tue, 19 Oct 2010 21:38:30 +0000
From: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
Organization: P6M7G8 Inc.
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US;
	rv:1.9.1.12) Gecko/20100908 Thunderbird/3.0.7
MIME-Version: 1.0
To: apache@FreeBSD.org
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,RDNS_DYNAMIC,
	TO_NO_BRKTS_DYNIP autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on cell.p6m7g8.net
Cc: 
Subject: Fwd: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
X-BeenThere: freebsd-apache@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Support of apache-related ports  <freebsd-apache.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-apache>, 
	<mailto:freebsd-apache-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-apache>
List-Post: <mailto:freebsd-apache@freebsd.org>
List-Help: <mailto:freebsd-apache-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-apache>,
	<mailto:freebsd-apache-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Oct 2010 21:38:32 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

both of these are already patched in devel/apr1 so www/apache22 will be
a no-op update.



- -------- Original Message --------
Subject: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
Date: Tue, 19 Oct 2010 11:27:33 -0500
From: William A. Rowe Jr. <wrowe@apache.org>
To: announce@httpd.apache.org


   The Apache Software Foundation and the Apache HTTP Server Project are
   pleased to announce the release of version 2.2.17 of the Apache HTTP
   Server ("Apache").  This version of Apache is principally a bug fix
   release, and a security fix release of the APR-util 1.3.10 dependency;

     * SECURITY: CVE-2010-1623 (cve.mitre.org)
       Fix a denial of service attack against apr_brigade_split_line().

     * SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
       Fix two buffer over-read flaws in the bundled copy of expat which
       could cause httpd to crash while parsing specially-crafted
       XML documents.

   We consider this release to be the best version of Apache available, and
   encourage users of all prior versions to upgrade.

   Apache HTTP Server 2.2.17 is available for download from:

     http://httpd.apache.org/download.cgi

   Apache HTTP Server 2.0.64 legacy release is also currently available,
   with the same vulnerability correction as well as many others fixed in
   2.2.16 and earlier releases.  See the corresponding CHANGES files linked
   from the download page.  The Apache HTTP Project developers strongly
   encourage all users to migrate to Apache 2.2, as only limited and less
   frequent maintenance is provided for legacy versions.

   Apache 2.2 offers numerous enhancements, improvements, and performance
   boosts over the 2.0 codebase.  For an overview of new features
   introduced since 2.0 please see:

     http://httpd.apache.org/docs/2.2/new_features_2_2.html

   Please see the CHANGES_2.2 file, linked from the download page, for a
   full list of changes.  A condensed list, CHANGES_2.2.17 provides the
   complete list of changes since 2.2.16.  A summary of all of the security
   vulnerabilities addressed in this and earlier releases is available:

     http://httpd.apache.org/security/vulnerabilities_22.html

   This release includes the Apache Portable Runtime (APR) version 1.4.2
   and APR Utility Library (APR-util) version 1.3.10, bundled with the tar
   and zip distributions.  The APR libraries libapr and libaprutil (and
   on Win32, libapriconv version 1.2.1) must all be updated to ensure
   binary compatibility and address many known security and platform bugs.

   This release builds on and extends the Apache 2.0 API.  Modules written
   for Apache 2.0 will need to be recompiled in order to run with Apache
   2.2, and require minimal or no source code changes.

     http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING

   When upgrading or installing this version of Apache, please bear in mind
   that if you intend to use Apache with one of the threaded MPMs (other
   than the Prefork MPM), you must ensure that any modules you will be
   using (and the libraries they depend on) are thread-safe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (FreeBSD)

iD8DBQFMvg/VdbiP+9ubjBwRApERAJ9VmZ0h9acPNhOUix4p/8163n818wCfcwFx
QnXAWqksw3sL9k+kasIa4h8=
=AvhX
-----END PGP SIGNATURE-----