Debian Linux Security Advisory 2117-1 – APR-util is part of the Apache Portable Runtime library which is used by projects such as Apache httpd and Subversion. Jeff Trawick discovered a flaw in the apr_brigade_split_line() function in apr-util. A remote attacker could send crafted http requests to cause a greatly increased memory consumption in Apache httpd, resulting in a denial of service.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/94508/dsa-2117-1.txt
Source: https://packetstormsecurity.com/files/94508/Debian-Linux-Security-Advisory-2117-1.html