httpd-dev mailing list archives

From: Joe Orton <jor...@redhat.com>
Subject: Re: CVE-2007-6203
Date: Mon, 17 Dec 2007 21:06:20 GMT

On Sun, Dec 16, 2007 at 08:37:08PM +0100, Stefan Fritsch wrote:
>  *) http_protocol: Escape request method in 413 error reporting.
>      Determined to be not generally exploitable, but a flaw in any case.
>      PR 44014 [Victor Stinner <victor.stinner inl.fr>]
> 
> This is CVE-2007-6203. Maybe you should add the reference to the CHANGES file?

I don't think that's a good idea since we don't want to mislead users 
into thinking a security issue exists here.

Mark, do you think it would be OK to track such non-issues that 
nonetheless get assigned CVE names via the vulnerability tracking pages?  
We could write them up with "impact: None"?

joe
