
2008-02-23 05:16:34 UTC MAIN

Update apache to 1.3.41.

Changes with Apache 1.3.41

  *) SECURITY: CVE-2007-6388 (cve.mitre.org)
    mod_status: Ensure refresh parameter is numeric to prevent
    a possible XSS attack caused by redirecting to other URLs.
    Reported by SecurityReason.  [Mark Cox]

Changes with Apache 1.3.40 (not released)

  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
    mod_imap: Fix cross-site scripting issue.  Reported by JPCERT.
    [Joe Orton]

  *) SECURITY: CVE-2007-3847 (cve.mitre.org)
    mod_proxy: Prevent reading past the end of a buffer when parsing
    date-related headers.  PR 41144.
    With Apache 1.3, the denial of service vulnerability applies only
    to the Windows and NetWare platforms.
    [Jeff Trawick]

  *) More efficient implementation of the CVE-2007-3304 PID table
    patch. This fixes issues with excessive memory usage by the
    parent process if long-running and with a high number of child
    process forks during that timeframe. Also fixes bogus "Bad pid"
    errors. [Jim Jagielski, Jeff Trawick]

Changes with Apache 1.3.39

  *) SECURITY: CVE-2006-5752 (cve.mitre.org)
    mod_status: Fix a possible XSS attack against a site with a public
    server-status page and ExtendedStatus enabled, for browsers which
    perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]

  *) SECURITY: CVE-2007-3304 (cve.mitre.org)
    Ensure that the parent process cannot be forced to kill non-child
    processes by checking scoreboard PID data with parent process
    privately stored PID data. [Jim Jagielski]

  *) mime.types: Many updates to sync with IANA registry and common
    unregistered types that the owners refuse to register.  Admins
    are encouraged to update their installed mime.types file.
    pr: 35550, 37798, 39317, 31483 [Roy T. Fielding]

There was no Apache 1.3.38

(obache)