httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r609953 - /httpd/httpd/branches/2.2.x/CHANGES
Date Tue, 08 Jan 2008 16:47:06 GMT


On 01/08/2008 05:12 PM, William A. Rowe, Jr. wrote:
> rpluem@apache.org wrote:
>> +  *) SECURITY: CVE-2008-0005 (cve.mitre.org)
> 
> I thought we concur that (short of direct html injection in the page's
> <head>) the browser misdetection of UTF-7, contrary on it's face to
> RFC2616, was a client specific problem?  If so, this is a "related to
> CVE-2008-0005" footnote, not the topic.

So did I misunderstood Mark in its mail on security@?
I am now confused, because the browser issue is one and the same for
all cases. Why having a special CVE number for the mod_proxy_ftp case
then?
Anyway I can change this to a footnote if you like.


Regards

RĂ¼diger


Mime
View raw message