*) SECURITY: CVE-2010-1623 (cve.mitre.org)
   Fix a denial of service attack against apr_brigade_split_line().
   [Stefan Fritsch]

*) SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
   Fix two buffer over-read flaws in the bundled copy of expat which
   could cause applications to crash while parsing specially-crafted
   XML documents.  [Joe Orton]

*) Upgrade bundled copy of expat library to 1.95.7.  [Joe Orton]

*) apr_thread_pool: Fix some potential deadlock situations.  PR 49709.
   [Joe Mudd <Joe.Mudd sas.com>]

*) apr_thread_pool_create: Fix pool corruption caused by multithreaded
   use of the pool when multiple initial threads are created.  PR 47843.
   [Alex Korobka <akorobka fxcm.com>]

*) apr_thread_pool_create(): Only set the output thread pool handle on
   success.  [Paul Querna]

*) DBD ODBC support: Fix memory corruption using apr_dbd_datum_get() with
   several different data types, including APR_DBD_TYPE_TIME.  PR 49645.
   [<kappa psilambda.com>]

*) Add support for Berkeley DB 4.8 and 5.0.  PR 49866, PR 49179.
   [Bernhard Rosenkraenzer <br blankpage.ch>,
    Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>]

*) Make bundled expat compatible with libtool 2.x.  PR 49053.
   [Rainer Jung]

*) Prefer libtool 1.x when searching for libtool in
   bundled expat release process. [Rainer Jung, Jim Jagielski]

*) Improve platform detection for bundled expat by updating
   config.guess and config.sub. [Rainer Jung]