Mandriva Linux Security Advisory 2012-019 - tables/apr_hash.c in the Apache Portable Runtime library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. APR has been upgraded to the latest version which holds many improvements over the previous versions and is not vulnerable to this issue.
2f0732428057c2cf4982c39b6f22639ab7af589665b4b7b9078e4a48132c865e
The mobile.chicagotribune.com site suffers from a cross site scripting vulnerability. Editor's note 01/04/2013: Per the advisory author, Chicago Tribune has addressed this vulnerability.
cb5868295d95e6e2adccde2d047576233388b74c94df149c189b172e92430175