On 01/08/2008 05:47 PM, Ruediger Pluem wrote: > > On 01/08/2008 05:12 PM, William A. Rowe, Jr. wrote: >> [EMAIL PROTECTED] wrote: >>> + *) SECURITY: CVE-2008-0005 (cve.mitre.org) >> I thought we concur that (short of direct html injection in the page's >> <head>) the browser misdetection of UTF-7, contrary on it's face to >> RFC2616, was a client specific problem? If so, this is a "related to >> CVE-2008-0005" footnote, not the topic. > > So did I misunderstood Mark in its mail on [EMAIL PROTECTED] > I am now confused, because the browser issue is one and the same for > all cases. Why having a special CVE number for the mod_proxy_ftp case > then? > Anyway I can change this to a footnote if you like. >
BTW: Shouldn't we drop 2.2.7 entirely from the CHANGES file and put all changes since 2.2.6 under 2.2.8? Regards RĂ¼diger
