* SECURITY UPDATE: response data disclosure in mod_proxy_ajp when a client request with no request body was sent - debian/patches/900_CVE-2009-1191.dpatch: adjust modules/proxy/mod_proxy_ajp.c to not reuse a connection when the client closes a connection without sending a body - CVE-2009-1191 * SECURITY UPDATE: Includes option could be overridden via .htaccess file when AllowOverride restrictions do not permit it - debian/patches/900_CVE-2009-1195.dpatch: adjust server/config.c, server/core.c, modules/filters/mod_include.c, include/http_core.h to only enable .htaccess override when permitted. - CVE-2009-1195