httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: svn commit: r609953 - /httpd/httpd/branches/2.2.x/CHANGES
Date Wed, 09 Jan 2008 13:56:58 GMT

On Jan 8, 2008, at 3:19 PM, Ruediger Pluem wrote:

>
>
> On 01/08/2008 05:47 PM, Ruediger Pluem wrote:
>>
>> On 01/08/2008 05:12 PM, William A. Rowe, Jr. wrote:
>>> rpluem@apache.org wrote:
>>>> +  *) SECURITY: CVE-2008-0005 (cve.mitre.org)
>>> I thought we concur that (short of direct html injection in the  
>>> page's
>>> <head>) the browser misdetection of UTF-7, contrary on it's face to
>>> RFC2616, was a client specific problem?  If so, this is a  
>>> "related to
>>> CVE-2008-0005" footnote, not the topic.
>>
>> So did I misunderstood Mark in its mail on security@?
>> I am now confused, because the browser issue is one and the same for
>> all cases. Why having a special CVE number for the mod_proxy_ftp case
>> then?
>> Anyway I can change this to a footnote if you like.
>>
>
> BTW: Shouldn't we drop 2.2.7 entirely from the CHANGES file and put  
> all
> changes since 2.2.6 under 2.2.8?
>

No, since there *was* a 2.2.7... it just wasn't released.

Mime
View raw message