Changes with Apache 1.3.41

  *) SECURITY: CVE-2007-6388 (cve.mitre.org)
     mod_status: Ensure refresh parameter is numeric to prevent
     a possible XSS attack caused by redirecting to other URLs.
     Reported by SecurityReason.  [Mark Cox]

Changes with Apache 1.3.40 (not released)

  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
     mod_imap: Fix cross-site scripting issue.  Reported by JPCERT.
     [Joe Orton]

  *) SECURITY: CVE-2007-3847 (cve.mitre.org)
     mod_proxy: Prevent reading past the end of a buffer when parsing
     date-related headers.  PR 41144.
     With Apache 1.3, the denial of service vulnerability applies only 
     to the Windows and NetWare platforms.
     [Jeff Trawick]

  *) More efficient implementation of the CVE-2007-3304 PID table
     patch. This fixes issues with excessive memory usage by the
     parent process if long-running and with a high number of child
     process forks during that timeframe. Also fixes bogus "Bad pid"
     errors. [Jim Jagielski, Jeff Trawick]